[Samba] Winbind & ssh
Matthew Western, IT Support, Lonsdale
mwestern at sola.com.au
Thu Mar 3 22:26:07 GMT 2005
Hi All,
I've got winbind happening and can telnet into the box using my NT
account (have manually made home directory) and it works a treat.
When I try to ssh in I get access denied.
As you can see from the log winbind is granting access but it seems that
sshd is blocking access before winbind can get to it? That's a guess of
course.
Any ideas?
Matthew
/var/log/messages------------
Mar 4 08:56:18 bluegum sshd(pam_unix)[12419]: check pass; user unknown
Mar 4 08:56:18 bluegum sshd(pam_unix)[12419]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bodj.ap.sola.com
Mar 4 08:56:18 bluegum pam_winbind[12419]: user 'mwestern' granted
access
Smb.conf------------------------
[global]
workgroup = AUSTRALIA
realm = AP.SOLA.COM
server string = Sola EB2 Enterprise Linux Box
security = ADS
password server = wattle.ap.sola.com
log file = /var/log/samba/smbd.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind use default domain = Yes
cups options = raw
/etc/pam.d/sshd------------------
auth required pam_stack.so service=system-auth
auth sufficient pam_winbind.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth
account sufficient pam_winbind.so
password required pam_stack.so service=system-auth
#password sufficient pam_winbind.so (tried it with or without the
password option)
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
/etc/pam.d/login---------------------
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
More information about the samba
mailing list