[Samba] winbind + pam authentication immediately closes session
Timothy Fontaine
tjfontaine at gmail.com
Wed Jul 27 18:49:47 GMT 2005
I followed the basic pointers for setting up pam + winbind on a debian
based system ( http://www.ubuntuforums.org/showthread.php?t=5409 ) the
member server is joined to the domain and authentication appears to
work successfully, however when I attempt to login with a domain user
with the proper password to a method that requires a session
(ssh/su/xdm) or otherwise the session is immediately closed.
Relevant event history:
(testing winbind auth)
tjfontaine at server2:~$ wbinfo -a jay%uberSecretPass
plaintext password authentication succeeded
challenge/response password authentication succeeded
(su'ing to domain user)
tjfontaine at server2:~$ su - jay
Password:
tjfontaine at server2:~$
(auth.log on member server)
Jul 27 14:13:59 server2 su[7978]: + pts/0 tjfontaine:jay
Jul 27 14:13:59 server2 su[7978]: (pam_unix) session opened for user
jay by tjfontaine(uid=1000)
Jul 27 14:13:59 server2 su[7978]: (pam_unix) session closed for user jay
(member servers log on domain controller)
[2005/07/27 14:14:13, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [jay] -> [jay] ->
[jay] succeeded
Member server information:
Debian Unstable
samba 3.0.14a (-6 debian revision)
server2:~# uname -a
Linux server2 2.6.10-1-686-smp #1 SMP Fri Mar 11 01:49:45 EST 2005
i686 GNU/Linux
Member server config:
[global]
workgroup = mydomain
log level = 10
server string = Terminal Server
wins support = no
wins server = 192.168.2.1
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = domain
encrypt passwords = true
passdb backend = tdbsam guest
obey pam restrictions = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY
domain master = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
winbind separator = +
password server = *
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
More information about the samba
mailing list