<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle17
{font-family:"Times New Roman";
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Running <b><span style='font-weight:
bold'>FC2</span></b></span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>kernel 2.6.5-1.358</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>krb5-workstation/libs/devel-1.3.3-1</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>pam-krb5-2.0.10-1</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>pam-0.77-40</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>samba-3.0.3-5</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>samba-common-3.0.3-5</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>samba-client-3.0.3-5</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Symbol><span style='font-size:10.0pt;font-family:Symbol'>·<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>pam_smb-1.1.7-3.1</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>I would like to achieve a
single-sign on, authenticating against AD (Win Server 2003) and retrieving a
Kerberos ticket, and pulling down user groups. I have the proper config
files(Kerberos & Samba), but the error seems to be in my system-auth module.
</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>The login bombs in 2 places on the
Linux side</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>1.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>After entering username</span></font></p>
<p class=MsoNormal style='margin-left:1.0in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>a.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>pam_krb5: error resolving user name
‘superman’ to uid/gid pair</span></font></p>
<p class=MsoNormal style='margin-left:1.0in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>b.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>pam_krb5: error getting information about
‘superman’</span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>2.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>After entering password</span></font></p>
<p class=MsoNormal style='margin-left:1.0in;text-indent:-.25in;text-autospace:
none'><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>a.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>gdm-binary: Couldn’t set acct. mgmt. for
superman</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>On the Win2003 side, superman does
authenticate via winbind, but there exists no log showing a Kerberos request.</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'>Also: I can
retrieve tickets using kinit and superman/<i><span style='font-style:italic'>password</span></i></span></font></b></p>
<p class=MsoNormal style='text-autospace:none'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'> getent
passwd/group retrieves the users and groups on the AD server</span></font></b></p>
<p class=MsoNormal style='text-autospace:none'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'> wbinfo
–u/-g retrieves the AD groups</span></font></b></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Any ideas?</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>I appreciate any help/direction,</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Mike Kizerian</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><a
href="mailto:michael.kizerian@usaa.com">michael.kizerian@usaa.com</a></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><a
href="mailto:mike.kizerian@sbcglobal.net">mike.kizerian@sbcglobal.net</a></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Here is my pam.d/system-auth file:</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>*This is a mixture of what the
authentication applet creates and suggestions I’ve found online. Some of
those suggestions have stated that the <i><span style='font-style:italic'>login</span></i>
modules needs to manipulated, but since it calls the system-auth module, I
don’t see why it would be necessary, if it is please explain.</span></font></p>
<p class=MsoNormal style='text-autospace:none'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'>/etc/pam.d/system-auth</span></font></b></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>auth required pam_env.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>auth required pam_krb5.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>auth required pam_winbind.so
use_first_pass</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>auth required pam_unix.so
use_first_pass likeauth nullok</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>auth required pam_deny.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>account required pam_krb5.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>account required pam_winbind.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>account required pam_unix.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>password required pam_cracklib.so
retry=3 type=</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>password sufficient pam_unix.so
nullok use_authok md5 shadow</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>password sufficient pam_krb5.so
use_authok</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>password required pam_deny.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>session required pam_limits.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>session required pam_unix.so</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>sessions sufficient pam_krb5.so</span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
</div>
</body>
</html>