We have integrated a linux thin client with an AD using kerberos, pam and winbindd. We are using pam_mkhomedir to make the home dir, and that works fine. But the login scripts don't run when the AD users use mixed or upper case in there usernames. AD are case insensitive, it doesn't care if the users uses "name" or "Name". So when user "bob" login in with "Bob" he gets home dir /home/bob but user name Bob, not really the same in linux.
I what the username to always be converted to lower case, is that possible?
# Pam file #
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_access.so
account sufficient pam_unix.so broken_shadow debug
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_mkhomedir.so umask=0022 skel=/etc/skel/ debug
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session optional pam_unix.so
session optional pam_krb5.so ccache=/tmp/krb5cc_%u
Best Answer
You can use the pam_regex module to transform all usernames to lower-case if you wish.
Though I'd question why you'd wish to allow mixed case names in the first place, it seems like a recipe for confusion and torment.