CentOS 5 + vsftpd + kerberos authentication to AD troubles

Hiya,

I've been working on this for about 3 weeks now for part of a project for my studies. Not sure if its really necessary to do it but frankly I'd like to get it working because I feel that is the way the project is meant to be, plus its something I'm interested in learning. I followed this guide: http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/ and kinit ldap (the user I created for ldap) worked perfectly.

But I still cannot log in to vsftpd with either Administrator or the user alkatr0z I set up as well. Both have the UNIX attributes set, Administrator is UID: 10000 while alkatr0z is 10001. The GID I have set for both is 100, This is going off the /etc/group file which lists "users:x:100".

On Windows 2003 Server I see in the Event Viewer multiple logins for the user LDAP but nothing for Administrator or alkatr0z so from this I would figure that the issue is with /etc/pam.d/system-auth or /etc/pam.d/vsftpd. Except for one thing which is that in my /var/log/messages I received a single message "vsftpd: pam_krb5[13989]: authentication succeeds for 'Administrator' (Administrator@GARTH.FATECOM.COM)". That was 1 out of ~5 attempts and all of them had login timeout as opposed to authentication failed messages including the apparently successful one.

I'm pretty well running out of ideas on what I might have set up wrong. I also get this error which I'm not too concerned about but I post in case it helps: "pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found", that tends to get repeated alot with the login attempts but I figure thats just something in system-auth and so long as it tries to authenticate against kerberos as well I'll be happy.

Something else I just tested and found to work is 'getent passwd' lists the two AD users I configured with Unix Attributes so that appears to be working fine as well.

If anyone has any ideas or wants me to post files I'll be happy to and appreciate any help at all. Starting from scratch is no issue either as I have both Server 2003 & CentOS installed in VMWare with base snapshots taken so I can revert easily to a clean install.

Semi Solved the issue now It was indeed something obvious. I forgot that FTP goes to the users home directory, which none of my AD logins possessed. I've semi solved it by creating the directories by hand since adding this line to /etc/pam.d/vsftpd didn't create the home directory like I expected.


If anyone knows what is wrong with that line a final solution to the whole thing would be much appreciated.