LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-09-2005, 06:43 AM   #1
ZilenT-X
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Rep: Reputation: 0
Login against active directory. Get permission denied!


Running Ubuntu 5.04

samba, kerberos and winbind are installed and working.

Wbinfo -u and wbinfo -g works fine.
joining domain with "net ads join" works fine.

Have followed this guide for configuring kerberos, samba, winbind and pam.
that is found att the ubuntu wiki

Compared to the guide my pam config file "common-auth" i have altered this line

auth required pam_unix.so nullok_secure use_first_pass (in the guide it is sufficient) but then you could login as root (or any other account) without a password.

And here is my real issue. When i try to login as a member of the active directory i get "permission denied":

Workstation login: domain+username
Password:

Permission denied


I think that this is a simple issue. But i have searched the web and everything! still got no clue! Please help!

/Stian Lysberg
 
Old 08-10-2005, 04:37 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
Have you tried the username and domain in the two forms that AD accepts, namely domain\username and username@fully-qualified-domain?

e.g.

home\david
david@home.lan.com
 
Old 08-11-2005, 03:30 AM   #3
ZilenT-X
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Then i get "login incorrect"

Then i get "login incorrect" !

Dont i have to use the winbind seperator? in my smb.conf i have "winbind seperator = +" Doesent that mean that i have to use
domain+username?






-
ZilenT-X
 
Old 08-12-2005, 04:56 AM   #4
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
Yeah, quite possibly - does that not work either? Does it give the same error message?
 
Old 08-12-2005, 06:35 AM   #5
ZilenT-X
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
When i try to login with domain+user i get Permission Denied!

Workstation login: domain+username
Password:

Permission denied

It has to be in some of the config files?
 
Old 08-12-2005, 07:21 AM   #6
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
Possibly, or it could be problems with the configuration of PAM. To check the Samba side of things authenticates and you have domain connectivity, try the following:
Code:
wbinfo -a DOMAIN+username%password
obviously sticking in your own domain, username + password. This should come back and say whether you could be authenticated. If not, check smbd + winbindd are running. If it's still not going, it's a Samba configuration issue. If it does go through, which I reckon it will since you have wbinfo -u + wbinfo -g coming back okay, you need to look at PAM modifications.
 
Old 08-15-2005, 04:29 AM   #7
ZilenT-X
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Original Poster
Rep: Reputation: 0
wbinfo -a DOMAIN+username%password works fine!

plaintext password authentication succeeded
challenge/response password authentication succeeded


So then it is a Pam issue?

Below i have posted my pam files. Anyone have any idea what i need to alter?

common-account:
Code:
account sufficient       pam_winbind.so
account sufficient       pam_unix.so
Common-auth:
Code:
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
common-password:
Code:
password   required   pam_unix.so nullok obscure min=4 max=50 md5
common-session:
Code:
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
'permission denied' trying to mount a directory leupi Linux - Networking 19 12-04-2005 06:50 PM
root gets 'Permission denied' to directory mikemrh9 Linux - Security 2 11-18-2005 04:15 AM
permission denied to home directory ekdya Debian 3 11-08-2005 04:24 PM
permission denied when opening directory pilot1 Linux - General 1 10-23-2002 08:27 PM
permission denied when mounting nfs directory keirobyn Linux - Networking 3 01-29-2002 12:43 AM


All times are GMT -5. The time now is 06:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration