[Samba] Winbind/Samba + sshd incorrect groups

Mark Cooke mark at mmebs.co.uk
Wed Mar 27 02:29:04 GMT 2002 

Ive just upgraded samba to 2.2.3a (before Ive checked my mail and its all 
working now correctly)
But Iam not sure for how long.

Ive set up the pam ssh module as below:
(from what I can work out it correct, but I may be wrong)

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=007
session    optional     /lib/security/pam_console.so

Hope that helps.
Currently I cannot get it to do it, as I mentioned Ive updated samba, I 
never got any reply from the mail I posted, so I figured no one had come 
across this before, so thats why I decided to update samba.

Mark


At 04:16 27/03/02, you wrote:
>How have you configured ssh to use winbind?  Did you setup pam to do this?
>Could you give some specifics on how you are getting the account information
>to sshd.
>
>--
>Brian
>----- Original Message -----
>From: "Mark Cooke" <mark at mmebs.co.uk>
>To: <samba at lists.samba.org>
>Sent: Tuesday, March 26, 2002 6:45 AM
>Subject: [Samba] Winbind/Samba + sshd incorrect groups
>Now heres the wacky bit...
> >
> > It works fine for a few days, even weeks, then all of a sudden some users
> > cannot login via ssh (but they can still browse the samba share)
> > These users settings have not changed on the PDC at all, their passwd's
>and
> > username have all stayed the same.
> > There is nothing different or weird about their accounts either.
> > Even removing them from the group, restarting samba and ssh and putting
> > them back in doesn't cure the problem.
> >
> > In /var/log/secure I get the same error's for all the users that cannot
>log in
> > (its not the same every time, the users can vary):
> >
> > sshd[15164]: User MMGROUP+mark not allowed because none of user's groups
> > are listed in AllowGroups
> > sshd[15164]: Failed password for illegal user MMGROUP+mark from
> > 192.168.1.231 port 1055
> >
>
> >

-----
----------
Mark Cooke
Internet Operations Technician
MM Group Ltd
Tel: 8141 (Internal)
Tel: (0117) 9168141 (External)
Email: mark at mmebs.co.uk
http://www.mmgroup.co.uk

More information about the samba mailing list