Форум русскоязычного сообщества Ubuntu


Хотите сделать посильный вклад в развитие Ubuntu и русскоязычного сообщества?
Помогите нам с документацией!

Автор Тема: [РЕШЕНО]Не осуществляется logon локальных пользователей  (Прочитано 708 раз)

0 Пользователей и 1 Гость просматривают эту тему.

Оффлайн magistor

  • Автор темы
  • Новичок
  • *
  • Сообщений: 8
    • Просмотр профиля
Ubuntu 10.04 была введена в домен. один доменный пользователь имеет право на выполнение sudo.
всегда авторизировался под доменным пользователем и только недавно обнаружил что не могу зайти ни в cli ни в gui (гном) под локальными пользователями, пишет "отказано в доступе"(в гном) и permition denied (в cli)
возможно и скорее всего где-то в группах и пользователях что-то сбил в настройках. При заведении овых пользователей  в "группах и пользователях" таже фитча(бага). Прошу Вас помогите восстановить в исходное состояние, а то если что случиться с авторизацией в домене...
Спасибо за советы и солюшены.
« Последнее редактирование: 06 Май 2011, 14:24:53 от magistor »

rapidsp

  • Гость
покажи свой /etc/pam.d/gdm
там вероятно только ldap включен.

Оффлайн magistor

  • Автор темы
  • Новичок
  • *
  • Сообщений: 8
    • Просмотр профиля
Вот он:
#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required        pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional        pam_gnome_keyring.so auto_start
@include common-password

rapidsp

  • Гость
ага, еще
common-account
common-password
common-session
common-auth
« Последнее редактирование: 05 Май 2011, 07:07:53 от rapidsp »

Оффлайн magistor

  • Автор темы
  • Новичок
  • *
  • Сообщений: 8
    • Просмотр профиля
Вот:
common-account
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.
#
#====================================
account sufficient pam_winbind.so
account required pam_unix.so
#====================================
# here are the per-package modules (the "Primary" block)
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
# here's the fallback if no module succeeds
#!account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
#!account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
password optional pam_gnome_keyring.so
password optional pam_ecryptfs.so
# end of pam-auth-update config
#============================================================
password required pam_unix.so nullok obscure min=4 max=50 md5
#============================================================

common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_winbind.so
session optional pam_ecryptfs.so unwrap
session optional pam_ck_connector.so nox11
# end of pam-auth-update config
#============
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
#======================my
session  optional  pam_mkhomedir.so skel=/etc/skel/ umask=0077
#++++++++++

common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_ecryptfs.so unwrap
# end of pam-auth-update config


rapidsp

  • Гость
В файле common-account попробуй раскоментить строки:
account requisite pam_deny.so
account required pam_permit.so

Оффлайн magistor

  • Автор темы
  • Новичок
  • *
  • Сообщений: 8
    • Просмотр профиля
Заработало!
Проблема решена, Спасибо!

 

Страница сгенерирована за 0.053 секунд. Запросов: 22.