Question : Issues with Kerberos and Pam Authentication against Active Directory.

Hi..

I"m trying to get authentication via Kerberos and Pam working against an Active Directory server.

For some reason, I'm not able to log in with the credentials from my network. I'm using Fedora Core 13 x86. Right now, I"m unable to log in.. I'm very thankful for LiveCD's. :-)

Anyway, i remember getting this to work under Ubuntu, but the format of the pam.d files are different and even include many that weren't on my Ubuntu installation.  I'm able to do kinit on users and I was able to join the system to my domain.. This is the only issue.

Here is my system-auth file from my pam.d directory.. Can you tell me what I"m doing wrong?

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        sufficient      pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    pam_fprintd.so
auth        required      pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient      pam_deny.so

account     required      pam_unix.so
account     sufficient    /lib/security/pam_winbind.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

#password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so


Here is my login file from my pam.d directory

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
auth       sufficient   pam_nologin.so
auth       sufficient   pam_winbind.so

account    sufficient     pam_nologin.so
account    include      system-auth
account    sufficient   pam_winbind.so


password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so


 

Answer : Issues with Kerberos and Pam Authentication against Active Directory.

Have you tried the client running the latest rdp client with printer redirection enabled. ?