[Samba] Solaris, winbind and console login

Walther, Jens-Uwe Walther at krz.schott.de
Tue Oct 1 15:10:00 GMT 2002 

Hi,

I 'm running :

bash-2.03# uname -a
SunOS kdejenssamfs 5.8 Generic_108528-15 sun4u sparc SUNW,Sun-Fire-280R

and Samba 2.2.5 with winbind and PAM module.
I do not need local domain users anymoure as expected. But I have two
remaining problems:

1. "console" logins are no longer possible. I get the follwoing error in
/var/adm/messages:

...
Oct  1 16:41:07 kdejenssamfs pam_winbind[817]: [ID 507189 auth.error]
request failed, PAM error was 13, NT error was NT_STATUS_NO_SUCH_USER
..

2. ftp doesn't work even if telnet works.

My "/etc/pam.conf" is:

#
#ident  "@(#)pam.conf   1.16    01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/pam_winbind.so.1 debug
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so.1
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so.1
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so.1 debug
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login   account sufficient      /usr/lib/security/pam_winbind.so.1 debug
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_projects.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
dtlogin account sufficient      /usr/lib/security/pam_winbind.so.1
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
other   account sufficient      /usr/lib/security/pam_winbind.so.1 debug
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_projects.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
# Session management
#
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
# Password management
#
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1

smb.conf is:

workgroup = KRZ
netbios name = kdejenssamfs
#netbios aliases = proxy2 djian
server string = Samba %v %h
interfaces = 10.2.39.204/23
bind interfaces only = true
socket address = 10.2.39.204/23
map to guest = Bad user
log level = 1
syslog = 0
log file = /usr/local/samba/var/log.%m
max log size = 10
deadtime = 5
os level = 31
domain master = no
local master = no
wins server = 10.2.39.67
name resolve order = lmhosts wins hosts bcast
# make sure you 've domain account for samba server to NT domain
# and typed "smbpasswd -j DOM -r DOMPDC" before
security = domain
password server = kdejenskrzads1.krz.ads kdejenskrzads2.krz.ads
encrypt passwords = true
username map = /usr/local/samba/private/users.map
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /export/home/%D/%U
template shell = /bin/bash
...

Any help is appreciated.


Best regards
      Uwe walther

More information about the samba mailing list