1

We have integrated a linux thin client with an AD using kerberos, pam and winbindd. We are using pam_mkhomedir to make the home dir, and that works fine. But the login scripts don't run when the AD users use mixed or upper case in there usernames. AD are case insensitive, it doesn't care if the users uses "name" or "Name". So when user "bob" login in with "Bob" he gets home dir /home/bob but user name Bob, not really the same in linux. I what the username to always be converted to lower case, is that possible? 

# Pam file # 
auth        sufficient    pam_unix.so nullok try_first_pass               
auth        sufficient    pam_krb5.so use_first_pass                      
auth        sufficient    pam_winbind.so use_first_pass                   
auth        required      pam_deny.so                        

account     required      pam_access.so                              
account     sufficient    pam_unix.so broken_shadow debug              
account     sufficient    pam_localuser.so                             
account     sufficient    pam_succeed_if.so uid < 100 quiet            
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so                                

password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok                                 
password    sufficient    pam_winbind.so use_authtok                              
password    required      pam_deny.so                                             

session     optional      pam_mkhomedir.so umask=0022 skel=/etc/skel/ debug       
session     optional      pam_keyinit.so revoke                                   
session     required      pam_limits.so                                           
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     optional      pam_unix.so                                                  
session     optional      pam_krb5.so ccache=/tmp/krb5cc_%u
xpatrikh
  • 13
  • 1
  • 4

1 Answers1

1

You can use the pam_regex module to transform all usernames to lower-case if you wish.

Though I'd question why you'd wish to allow mixed case names in the first place, it seems like a recipe for confusion and torment.

  • Great I will test that. We have migrated from WinCE to Linux, and the users are used to use Mixed case. – xpatrikh Sep 13 '11 at 07:20
  • 1
    Yes, that seems to work. I use this line: `auth requisite pam_regex.so extended transform=s/.*/\L&/g;` – xpatrikh Sep 22 '11 at 09:19
  • 1
    To also normalize swedish chars, I use: `auth requisite pam_regex.so extended transform=s/.*/\L&/g;s//a/g;s//a/g;s//a/g;s//a/g;s//o/g;s//o/g;s/å/a/g;s/Å/a/g;s/ä/a/g;s/Ä/a/g;s/ö/a/g;s/Ö/a/g` – xpatrikh Sep 23 '11 at 09:54