Приветствую! После успешной авторизации пользователя создаётся и тут же закрывается сессия этого пользователя. Лог auth:
May 17 13:21:13 localhost login[2002]: pam_winbind(login:auth): getting password (0x00001010)
May 17 13:21:13 localhost login[2002]: pam_winbind(login:auth): pam_get_item returned a password
May 17 13:21:13 localhost login[2002]: pam_winbind(login:auth): user 'test' granted access
May 17 13:21:13 localhost login[2002]: pam_winbind(login:account): user 'test' granted access
May 17 13:21:13 localhost login[2002]: pam_unix(login:session): session opened for user test by LOGIN(uid=0)
May 17 13:21:13 localhost login[2002]: pam_unix(login:session): session closed for user test
/etc/pam.d/login:
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth sufficient pam_ldap.so
auth sufficient pam_winbind.so use_first_pass debug_state
auth required pam_unix.so nullok use_first_pass
auth required pam_tally.so onerr=succeed file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account required pam_access.so
account required pam_time.so
account sufficient pam_ldap.so
account sufficient pam_winbind.so
account required pam_unix.so
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
#session sufficient pam_winbind.so #пробовал с ним и без
session required pam_unix.so
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so
session optional pam_loginuid.so
-session optional pam_ck_connector.so nox11
-session optional pam_systemd.so
Билет Kerberos руками получить я могу. Вот настройки:
[libdefaults]
default_realm = palata.irksp.ru
clockskew = 300
ticket_lifetime = 1d
forwardable = true
proxiable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
palata.irksp.ru = {
kdc = server.palata.irksp.ru
admin_server = server.palata.irksp.ru
default_domain = PALATA.IRKSP.RU
}
[domain_realm]
.palata.irksp.ru = PALATA.IRKSP.RU
palata.irksp.ru = PALATA.IRKSP.RU
palata = PALATA.IRKSP.RU
[appdefaults]
[logging]
default = FILE:/var/log/krb5_libs.log
kdc = FILE:/var/log/krb5_kdc.log
admin_server = FILE:/var/log/krb5_admsrv.log
но странно, что в логах всё пусто...
и настройки smb.conf:
[global]
netbios name = arch
workgroup = PALATA
realm = PALATA.IRKSP.RU
server string = %h Archlinux Host
security = ADS
allow trusted domains = no
encrypt passwords = yes
password server = *
idmap backend = idmap_rid:PALATA=500-10000
idmap uid = 500-10000
idmap gid = 500-10000
winbind use default domain = yes
winbind separator = +
winbind refresh tickets = yes
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
load printers = no
wbinfo отрабатывает. getent passwd test тоже "видит" доменного пользователя.
Машина в домен входит:
[root@arch ~]# net ads join -U admin
Enter admin's password:
Using short domain name -- PALATA
Joined 'ARCH' to realm 'palata.irksp.ru'
И не пойму, где и у чего включить отладку, чтобы хоть логи почитать...
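Проблема решилась просто: добавляем в smb.conf
template shell = /bin/bash
Без этого параметра winbind по умолчанию выдаёт доменным пользователям оболочку /bin/false, поэтому login открывает сессию, и она тут же завершается.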