Samba - how to put into domain and authenticate (once again)

Grosswiler Roger roger at gwch.net
Thu Dec 11 07:26:55 UTC 2003 

It seems, if i look my log....i tried this morning to log in on the
localserver itself as a domain-user. see results below. i'll insert what
you said again on the server, and try afterwards, if i can also connect
via a remote client.

Dec 11 06:11:52 morpheus gdm(pam_unix)[4802]: check pass; user unknown
Dec 11 06:11:52 morpheus gdm(pam_unix)[4802]: authentication failure;
logname= uid=0 euid=0 tty=:0 ruser= rhost=
Dec 11 06:11:53 morpheus gdm-binary[4802]: Benutzer konnte nicht
legitimiert werden
Dec 11 06:12:04 morpheus gdm(pam_unix)[4802]: check pass; user unknown
Dec 11 06:12:04 morpheus gdm(pam_unix)[4802]: authentication failure;
logname= uid=0 euid=0 tty=:0 ruser= rhost=
Dec 11 06:12:05 morpheus gdm-binary[4802]: Benutzer konnte nicht
legitimiert werden
Dec 11 06:12:13 morpheus gdm(pam_unix)[4802]: check pass; user unknown
Dec 11 06:12:13 morpheus gdm(pam_unix)[4802]: authentication failure;
logname= uid=0 euid=0 tty=:0 ruser= rhost=
Dec 11 06:12:15 morpheus gdm-binary[4802]: Benutzer konnte nicht
legitimiert werden
Dec 11 06:12:22 morpheus gdm(pam_unix)[4802]: check pass; user unknown
Dec 11 06:12:22 morpheus gdm(pam_unix)[4802]: authentication failure;
logname= uid=0 euid=0 tty=:0 ruser= rhost=
Dec 11 06:12:24 morpheus gdm-binary[4802]: Benutzer konnte nicht
legitimiert werden

...while "Benutzer konnte nicht legitimiert werden" means a kind of "User
could not be legitimated" or "authenticated"

> On Wed, Dec 10, 2003 at 10:33:34PM +0100, Roger Grosswiler wrote:
>> i tried now again, but just entered now in the system-auth the
>> following:
>> auth        sufficient    /lib/security/$ISA/pam_smb_auth.so
>> use_first_pass nolocal
>
> The pam_smb_auth module is entirely different from winbind -- its
> configuration file is /etc/pam_smb.conf.  Its readme file states that
> you should place the domain name on the first line of the file, the name
> of the PDC on the second line, and the names of another PDC on the third
> line.
>
> The pam_smb_auth module can only perform authentication.  It can not
> provide needed information about users (UIDs, GIDs, etc.) to programs --
> you'll need something which does this.
>
> Winbind happens to provide modules which can communicate with winbind to
> accomplish both of these.  The upside of pam_smb_auth is that you can
> point it at just about any SMB server (probably even a Windows for
> Workgroups server), and it'll work, but winbind needs something at least
> as capable as a PDC.  Different tools with different capabilities for
> different-but-similar problems.
>
> Because pam_smb_auth can't provide user information, you need to set up
> *something* which will.  If not winbind, then NIS, or LDAP, or hesiod.
> Each of these requires its own server to be set up, because they use
> different protocols which your PDC likely isn't set up to serve.
>
> HTH,
>
> Nalin
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>

More information about the users mailing list