PDA

View Full Version : PAM Group Config Help



LarryResch
11-Jul-2012, 17:48
I am having an issue with direct rendering using the VMWare player that is traced to the user not being in the video group on the system. We are using NIS so our user accounts are not local to the system and thus not in the video group. I do not want to reconfigure NIS to push out system groups, so I was going to use PAM to add all users to the video and some other groups. I am having trouble getting it to work...

I have added the following line to /etc/pam.d/login
auth optional pam_group.so

I have added the following line to /etc/security/group.conf
*;*;*;Al0000-2400;users audio video storage

When I log in with an NIS user account, I still get the direct rendering error in VMware. We are running KDE and are using kdm as the login manager. I copied /etc/pam.d/xdm to /etc/pam.d/kdm and added the same line as in login, but still did not work. Anyone have any ideas or suggestions?

TIA.
-L

mikewillis
12-Jul-2012, 19:39
I use pam_group to add ldap users to certain groups during login but I use gdm not kdm.

You say that you still see the rending error, but you don't say whether the users are being added to the video group or not. Did you check that? Maybe you did, but you don't say so and the thought occurs that maybe they are being added to the video group but that isn't the fix for the rendering issue.

The line I have in group.conf has the groups comma separated. So if the user's aren't being added to the video group try changing your line to

*;*;*;Al0000-2400;users,audio,video,storage

As far as I know adding stuff in to /etc/pam.d/login will only affect 'text' logins. E.g. hit ctrl-alt-F1 and log in there, such a login will be affected by modifications to /etc/pam.d/login.

It's always worth saying which version of SLED you're using. What's true for SLED 11 SP2 may not be true for SLED 10 SP4.