Debian/Ubuntu - [решено] Ubuntu 9.04 + Likewise + Win2000 проблемы авторизации в аду

[mzd] · Конфигурация компьютера

А в /etc/likewise/lsass.conf что?

WhitePangolin · Отправлено: **16:52, 23-09-2009** | #12

Код:

yuri@programist:~$ cat /etc/likewise-open5/lsassd.conf
#
# Likewise Security and Authentication Subsystem (LSASS)
#
# Time value suffixes:
# d - days
# h - hours
# m - minutes
# s - seconds
#

[global]

    # Default: no
    # enable-eventlog = yes

    # Default: yes
    # log-network-connection-events = no

    # Default: \
    # Allowed: a punctuation character
    # Excluded: whitespace, alphanumeric, space-replacement character
    domain-separator = \

[pam]

    # Default: error
    #
    # Note: log-level can be one of
    #       {disabled, error, warning, info, verbose}
    log-level = error

    # Message of the day
    # Default: no
    # display-motd = yes

    # Note: Show this error when user is not
    #       list of members (users/groups)
    #       allowed to login
    # user-not-allowed-error = Access denied

[auth provider:lsa-activedirectory-provider]

    path = /usr/lib/likewise-open5/liblsass_auth_provider_ad.so

    login-shell-template = /bin/bash

    # Prefix path for user's home directory
    # Note:
    #   a) This is used in place of %H in the
    #      homedir-template setting
    #   b) Must be an absolute path
    #
    # Default: Linux: /home
    # Default: MacOS: /Users
    # Default: SunOS: /export/home
    #
    # homedir-prefix = <absolute path>

    homedir-template = %H/%D/%U

    ldap-sign-and-seal = false

    # Cache entry expiration timespan
    # Default: 4h
    # Minimum: 0
    # Maximum: 1d
    cache-entry-expiry = 4h

    # Machine password expiration lifespan
    # Default: 30d
    # Minimum: 1h
    # Maximum: 60d
    machine-password-lifespan = 30d

    # Default: ^
    # Allowed: a punctuation character
    # Excluded: whitespace, alphanumeric, @, /, domain separator character, #
    space-replacement = ^

    # Default: no
    # assume-default-domain = yes
    # Default: yes
    # sync-system-time = no

    # Allow only the following users and groups
    # to login to this system
    #
    # Note: Use a comma-separated list of
    #       { alias, NT4 style name, SID }
    #
    # require-membership-of = ABC\support group, ABC\joe, jane, S-1-5-21-3447809367-3151979076-456401374-513

    # Default: yes
    # create-k5login = no

    # Whether home directories should be automatically
    # created upon user login
    #
    # Default: yes
    # create-homedir = no

    # Umask for home directories
    # Default: 022
    #
    # homedir-umask = 022

    # Paths to skeleton directories for provisioning
    # home directories
    #
    # Note: Use a comma separated list
    #
    # Default: /etc/skel
    #   or
    # Default: System/Library/User Template/Non_localized,
    #          /System/Library/User Template/English.lproj
    #
    # skeleton-dirs = /etc/skel

    # Whether user credentials should automatically be
    # refreshed
    #
    # Default: yes
    # refresh-user-credentials = no

    # Forces lsass to use unprovisioned mode
    # Values: full unprovisioned
    # Default: full
    #
    cell-support = unprovisioned

    # Whether to remove a cached group membership entry derived from PAC
    # with information from LDAP showing the user disappearing from
    # a group.
    #
    # Default: yes
    #
    # trim-user-membership = no

    # Whether to return only cached info for NSS group members.
    #
    # Default: yes
    #
    # nss-group-members-query-cache-only = no

    # Whether to return only cached info for NSS user's groups.
    #
    # Default: no
    #
    # nss-user-membership-query-cache-only = yes

[auth provider:lsa-local-provider]

    path = /usr/lib/likewise-open5/liblsass_auth_provider_local.so

    # Default: 30d
    # Minimum: 1d
    # Maximum: 180d
    password-lifespan = 30d

    # Default: 14d
    # Minimum: 1h
    # Maximum: 30d (must be less than lifespan)
    password-change-warning-time = 14d

Остальные конфиги тоже просмотрел. Ничего интересного. Где он эти группы разруливает неясно.

[mzd] · Конфигурация компьютера

А эти смотрел: lwiauthd.conf и pam_lwidentity.conf?

WhitePangolin · Отправлено: **17:43, 23-09-2009** | #14

Этих файлов у меня нет.

Если судить по логам с ошибкой, то смотреть надо сюда:

Код:

yuri@programist:~$ cat /etc/pam.d/gdm
#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session required        pam_limits.so
@include common-session
session optional        pam_gnome_keyring.so auto_start
@include common-password

yuri@programist:~$ cat /etc/pam.d/common-auth
auth	[success=2 default=ignore]	pam_unix.so nullok_secure
auth	[success=1 default=ignore]	pam_lsass.so try_first_pass
auth	requisite			pam_deny.so
auth	required			pam_permit.so

Но здесь вроде бы и срезаться то негде.

WhitePangolin · Отправлено: **19:21, 13-10-2009** | #15

Добрый человек навел на мысльмысль. Спасибо ему огромное.