
pam_ntlm

 
Dan Newcombe
Advisor

pam_ntlm

I have been fighting with this underdocumented item for a bit now.

In my /etc/pam.conf I have made these two changes under the auth section:
login auth sufficient /usr/lib/security/libpam_ntlm.1
login auth required /usr/lib/security/libpam_unix.1 try_first_pass

I have modified the /etc/opt/cifsclient/pam/smb.conf to have the name of our Win2K domain and the IP's of the two domain controllers in there.

No matter what though - it will not try to contact the win server (at least according to the logs there).

Is there any way I can get this to spit out debugging information? I'm thinking of just grabbing pam_smb which works fine on all the Linux boxes and seeing if that'll work here.

Thanks!
Eric Buckner
Regular Advisor

Re: pam_ntlm

Try

login auth sufficient /usr/lib/security/libpam_ntlm.1 debug



my smb.conf looks like this

[global]
workgroup = WINDOWS_DOMAIN
password server = SERVER1 SERVER2
wins server = ip_addy_to_wins_server

Works like a champ for me. Did you join the domain? I never had much luck doing it w/o joining the domain.


HTH,
Eric
Time is not a test of the truth.
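The two files discussed in this reply (the `login auth` lines in /etc/pam.conf and the `[global]` section of the cifsclient smb.conf) are easy to get subtly wrong: if the NTLM module is listed after the local unix module, or marked `sufficient` with no fallback, or the `debug` option is missing, the stack silently does something other than what was intended. The following script is an added example, not code from the thread or from HP's cifsclient; it parses constructed copies of both files and reports what the `login` auth stack will actually do. It goes slightly beyond the thread by also checking module ordering and whether each password server is given as an IP address or a name.

```python
"""Added example: review an HP-UX style /etc/pam.conf login auth stack and
the cifsclient smb.conf [global] section. Sample inputs below are constructed."""
import re
import ipaddress

# Constructed sample /etc/pam.conf fragment (mirrors the thread's two lines).
PAM_CONF = """\
login auth sufficient /usr/lib/security/libpam_ntlm.1 debug
login auth required   /usr/lib/security/libpam_unix.1 try_first_pass
su    auth required   /usr/lib/security/libpam_unix.1
"""

# Constructed sample /etc/opt/cifsclient/pam/smb.conf.
SMB_CONF = """\
[global]
workgroup = WINDOWS_DOMAIN
password server = SERVER1 192.0.2.10
wins server = 192.0.2.2
"""


def parse_pam_conf(text, service="login", facility="auth"):
    """Return [(control, module_path, [options])] for one service/facility,
    in file order. Comments (#) and blank lines are ignored."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 4:
            continue  # not a complete pam.conf entry
        svc, fac, control, module, *opts = parts
        if svc == service and fac == facility:
            stack.append((control.lower(), module, opts))
    return stack


def parse_smb_global(text):
    """Return {key: value} for the [global] section, keys lower-cased."""
    values, section = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "global" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    return values


def is_ip(token):
    """True if token is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def review_login_stack(pam_text, smb_text):
    """Return a list of human-readable findings; empty means nothing to flag."""
    findings = []
    stack = parse_pam_conf(pam_text)
    ntlm = [e for e in stack if "libpam_ntlm" in e[1]]
    unix = [e for e in stack if "libpam_unix" in e[1]]
    if not ntlm:
        findings.append("no libpam_ntlm entry for login/auth")
    else:
        control, _, opts = ntlm[0]
        if "debug" not in opts:
            findings.append("libpam_ntlm has no debug option; nothing will be logged")
        if control == "sufficient" and not unix:
            findings.append("libpam_ntlm is 'sufficient' but there is no local fallback")
    if unix and "try_first_pass" not in unix[0][2]:
        findings.append("libpam_unix lacks try_first_pass; user is prompted twice")
    # The NTLM module must precede the unix module for the fallback to apply.
    if ntlm and unix and stack.index(ntlm[0]) > stack.index(unix[0]):
        findings.append("libpam_unix is listed before libpam_ntlm; NTLM is never tried first")
    servers = parse_smb_global(smb_text).get("password server", "").split()
    if not servers:
        findings.append("no password server configured in smb.conf [global]")
    for s in servers:
        if not is_ip(s):
            findings.append(f"password server '{s}' is a name (needs name resolution)")
    return findings


if __name__ == "__main__":
    for f in review_login_stack(PAM_CONF, SMB_CONF) or ["no findings"]:
        print(f)
```

Run it against real copies of the two files by reading them into `PAM_CONF` and `SMB_CONF`; each finding names the entry it came from so it can be matched back to the line in question.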
Dan Newcombe
Advisor

Re: pam_ntlm

Hmmm...thought I tried adding debug...will try again.

How do you join the domain? None of the documentation mentioned that. It makes sense, but you'd think the docs would allude to that...then again...HP's docs are usually wrong.
Eric Buckner
Regular Advisor

Re: pam_ntlm

Joining a domain really only makes sense when you want to do SMB shares and control access to those via the DOMAIN permissions.


Also keep in mind there are 2 smb.conf files. /etc/opt/samba/smb.conf and /etc/opt/cifsclient/pam/smb.conf

The first one is really for using SMB from the server but it also has the extra information needed in it for joining the domain.

In order to join an NT domain you have to add your NETBIOS name to the NT domain on the PDC using Server Manager for Domains. You will add your server as a Windows NT Workstation or Server, but not as a PDC or BDC.

After you have done that issue the following command.

smbpasswd -j DOMAIN_NAME -r DOMAIN_PDC_NAME

Should report back something along the lines of:

smbpasswd: Joined domain DOMAIN.


All in all this seems to be a bit convoluted and there is probably an easier way to accomplish this, but it is how I finally got it working.

Hope it helps!
Eric
Time is not a test of the truth.
Dan Newcombe
Advisor

Re: pam_ntlm

One day I think I'm gonna sue HP for all the time I've wasted trying to follow their documentation.

To quote the smb.conf file:
## password server: the ip address or domain name of one or more
## systems which will be used to authenticate logins. Use of ip
## addresses is HIGHLY RECOMMENED, as it eliminates dependencies
## on network name resolution services.


Guess what - it started working as soon as I replaced the recommended IP addresses with the name of the servers.
Eric Buckner
Regular Advisor

Re: pam_ntlm

Dan,
Great to hear. Now go put those NT guys out of a job by doing better what they do best.

Eric
Time is not a test of the truth.
Dan Newcombe
Advisor

Re: pam_ntlm

I guess I spoke too soon. It seems to randomly work...some days it'll work just fine, some it won't. pam_smb from our Linux boxes works just fine.

Also, no matter what I do, this module will not spit out any debug information either.

Guess it's not quite ready for prime-time :(