LinuxQuestions.org
Old 10-28-2009, 07:43 AM   #1
apkelley
Active Directory login returning me to login screen


Hello,

I'm very new to Linux, so please excuse my ignorance. I am trying to set up a number of servers to authenticate against my Windows Server 2003 Active Directory. I have successfully done this with one computer (Dell Optiplex 755), but I can’t seem to get it to work with my servers (Dell PowerEdge R710). I am using Fedora 11.

I have set up Samba and PAM and have successfully joined the network. Everything with winbind seems to be working properly and I can get all the user info, etc.

When I log in with a local account, everything is fine. If I try to log in with an account from my domain through SSH, I see the message

Code:
/usr/bin/xauth:  creating new authority file /home/apkelley/.Xauthority
After that, nothing happens and it is as if I haven’t connected to anything. If I try to log into the actual server using the graphical interface, it starts logging me in, shows a blank screen for about a second, and then returns to the login screen as if nothing has happened.

I would greatly appreciate any suggestions for how I might fix this problem or how to find out more information about the error.

Here are my smb.conf and system-auth files:

/etc/samba/smb.conf

Code:
[global]
   workgroup = DS
   password server = 192.168.111.9 192.168.111.1
   realm = DS.MYDOMAIN.EDU
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = true
   winbind offline logon = false

   log file = /var/log/samba/log.%m
   max log size = 50
   load printers = yes
   cups options = raw

   template homedir = /home/%U

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

/etc/pam.d/system-auth

Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
 
Old 10-29-2009, 11:02 AM   #2
imapishard
i think the problem with the ssh login is probably the template shell. the default is /bin/false, i'd change to /bin/bash

here's a snippet of my smb.conf:

Code:
   workgroup = MYDOMAIN
   password server = MYDC1
   realm = my.realm.tld
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false

however, i'm having a similar issue with the graphical logins...
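
The `template shell` setting discussed in this reply can be checked before anyone tries to log in. The script below is an added example, not part of the original thread: it reads the effective `template shell` from `[global]` and flags values that end the session right after authentication. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: which shell will winbind hand to domain users?

# Print the effective "template shell" from [global] in an smb.conf file.
# Samba ignores case and whitespace in parameter names; when the parameter
# is absent the default /bin/false applies.
template_shell() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key == "templateshell") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                found = val
            }
        }
        END { print (found != "" ? found : "/bin/false") }
    ' "$1"
}

# 0 if the shell allows an interactive session, 1 if it exits immediately.
is_login_shell() {
    case "${1##*/}" in
        false|nologin|"") return 1 ;;
        *) return 0 ;;
    esac
}

# Report the finding for one smb.conf; non-zero means logins will drop.
audit_smb_conf() {
    shell=$(template_shell "$1")
    if is_login_shell "$shell"; then
        echo "OK: template shell = $shell"
    else
        echo "BLOCKED: template shell = $shell (auth succeeds, session exits)"
        return 1
    fi
}

# Constructed sample mirroring the [global] section from the first post.
sample=$(mktemp)
printf '[global]\n   security = ads\n   template shell = /bin/false\n[homes]\n   browseable = no\n' > "$sample"
audit_smb_conf "$sample" || true
rm -f "$sample"
```

On a live host, `getent passwd <user>` shows the shell winbind actually returns for a domain account. Because `template shell` applies to every account winbind resolves, a login shell here is usually paired with a restriction on who may log in, such as `AllowGroups` in `sshd_config`.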
 
Old 10-30-2009, 08:10 AM   #3
apkelley
That worked - thanks so much for your help! I really appreciate it!
 
  

