#1 2013-05-03 14:47:51

queljin
Member
Registered: 2010-06-14
Posts: 4

PAM Authentication (winbind) and groups

I've followed the Arch wiki (https://wiki.archlinux.org/index.php/Ac … ntegration) to integrate and use my domain login. Currently everything works as expected; I can log in with my AD user (thanks to matone and combuster over this thread: https://bbs.archlinux.org/viewtopic.php?pid=1265595).

There is one small problem, annoyance if you will, however; my local user and my AD user (or any other new users I add) can't use networking, the volume mixer or video related when logged in to a KDE session. Maybe some other components, I haven't tested it yet. I'm just stuck on getting my network connections or sound working.

If I add my local (and AD user) to the related groups (for example; audio and network groups), I can manage system sounds and networks as expected.

I'm not sure where to look and I'm out of ideas. Any suggestions?

Thanks.

Last edited by queljin (2013-05-03 15:07:52)

#2 2013-05-14 13:36:29

queljin
Member
Registered: 2010-06-14
Posts: 4

Re: PAM Authentication (winbind) and groups

Well, after a lot of tries and reading, I found out that the system-login PAM configuration must include system-auth as the last option. Because of the changes made to the system-auth configuration, when the pam_winbind or pam_unix module returns success and exits (because they are "sufficient"), other modules below them aren't working, which in turn causes the pam_loginuid module to not work. Below is my new system-login config in case someone needs it.

Please remember this is in no way a recommended configuration, it may be completely wrong and break your existing configuration. It just works for me. YMMV.

/etc/pam.d/system-login :

#%PAM-1.0

auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    required   pam_env.so
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    include    system-auth

Last edited by queljin (2013-05-14 13:38:16)
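
The ordering effect described in post #2, as an added example that is not part of the original thread: a simplified Python model of how libpam walks one management group, showing which modules are never called when a "sufficient" module inside an included file succeeds. The file contents (including the system-auth session lines), the names include-first and include-last, and the helper functions are constructed for illustration; the model assumes every other module succeeds and ignores the bracketed control syntax.

```python
# Constructed sample stacks; the system-auth content is an assumption,
# the thread does not show that file.
FILES = {
    "system-auth": """
session  sufficient  pam_winbind.so
session  required    pam_unix.so
""",
    "include-first": """
session  include     system-auth
session  optional    pam_loginuid.so
session  required    pam_env.so
""",
    "include-last": """
session  optional    pam_loginuid.so
session  required    pam_env.so
session  include     system-auth
""",
}

def parse(name, group):
    """Yield (control, module) for the lines of one group in one file."""
    for line in FILES[name].splitlines():
        fields = line.split("#", 1)[0].split()
        # A leading '-' (as in '-session') only silences load errors.
        if len(fields) >= 3 and fields[0].lstrip("-") == group:
            yield fields[1], fields[2]

def walk(name, group, succeeds, called):
    """Walk one stack; return True if a successful 'sufficient' ended it."""
    for control, module in parse(name, group):
        if control in ("include", "substack"):
            done = walk(module, group, succeeds, called)
            # include: early exit ends the complete stack;
            # substack: early exit ends only the substack.
            if done and control == "include":
                return True
            continue
        called.append(module)
        if control == "sufficient" and module in succeeds:
            return True
    return False

def modules_called(service, group="session", succeeds=("pam_winbind.so",)):
    called = []
    walk(service, group, succeeds, called)
    return called

def skipped(service, group="session", succeeds=("pam_winbind.so",)):
    """Modules present in the stack that the early exit prevents from running."""
    every, reached = [], modules_called(service, group, succeeds)
    walk(service, group, (), every)
    return [m for m in every if m not in reached]
```

Comparing skipped("include-first") with skipped("include-last") gives a quick review check for any module that must always run, such as pam_loginuid.so, before a PAM change is deployed.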