LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Red Hat (http://www.linuxquestions.org/questions/red-hat-31/)
-   -   Unable to validate users against Directory Users in RHEL4 (http://www.linuxquestions.org/questions/red-hat-31/unable-to-validate-users-against-directory-users-in-rhel4-496033/)

Felipe 10-27-2006 06:39 AM

Unable to validate users against Directory Users in RHEL4
 
Hallo:

Im trying to validate users against de Directory Active (DA) in RedHat EL 4.

Ive joined the machine to the DA.

Commands work fine. Ej:
kinit user1#REALM1.RED
kinit user1#REALM2.RED
net ads info
net ads status
wbinfo -g
wbinfo -u


But im unable to connect to the machine throught ssh, telnet,samba, .... When try to connect, winbind logs:

sshd[7605]: pam_krb5[7605]: error resolving user name 'user1' to uid/gid pair
pam_krb5[7605]: error getting information about 'user1'
pam_winbind[7605]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD

(and I know its not a problem of password wrong).


I suppose ive a problem with pams, but i dont know where is the problem. What ive configured:

system-auth
==============
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_krb5.so
account sufficient /lib/security/$ISA/pam_winbind.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional /lib/security/$ISA/pam_krb5.so


sshd
================
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

login
=====================
#%PAM-1.0
auth sufficient pam_winbind.so
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so

account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

session required pam_mkhomedir.so umask=0022
session required pam_stack.so service=system-auth
session optional pam_console.so
session required /lib/security/pam_limits.so


All times are GMT -5. The time now is 09:01 AM.