pam_auth_basic_user() - account is not healthy
From: delman (k3zzt8n02sneakemail.com)
Date: Fri Nov 14 2003 - 10:49:50 CST
I'm trying to use Apache's pam_auth_module with winbindd to authenticate Intranet users to a web application using our PDC (WinNT - sp6a box).
It seems to work well with samba (users can access their shares using domain credentials), but it doesn't work for apache, and googling has given no answer.
For every auth attempt this is my auth.log:
Nov 14 17:17:50 ict-srv-db pam_winbind: Verify user `foo'
Nov 14 17:17:50 ict-srv-db pam_winbind: user 'foo' granted acces
And this is the error.log of apache:
[Fri Nov 14 17:17:50 2003] [error] (13)Permission denied: access to / failed for 192.168.0.xxx, reason: Permission denied
[Fri Nov 14 17:17:50 2003] [debug] mod_auth_pam.c(398): [client 192.168.0.xxx] pam_auth_basic_user() - account is not healthy
I'm clueless, any hint?

auth sufficient pam_winbind.so debug
account sufficient pam_winbind.so

passwd: compat winbind
group: compat winbind

workgroup = MYOWN
server string = %h server
security = DOMAIN
password server = 192.168.0.xxx
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
client plaintext auth = No
log level = winbind:10
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
min protocol = LANMAN2
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /dev/null
winbind separator = +
winbind enable local accounts = No
winbind use default domain = Yes
invalid users = root

AuthName "Auth needed"
require group "Domain Users"
Pam-list mailing list