[Samba] Winbind & ssh

Matthew Western, IT Support, Lonsdale mwestern at sola.com.au
Thu Mar 3 22:26:07 GMT 2005 

Hi All,

I've got winbind happening and can telnet into the box using my NT
account (have manually made home directory) and it works a treat.
When I try to ssh in I get access denied.     

As you can see from the log winbind is granting access but it seems that
sshd is blocking access before winbind can get to it?  That's a guess of
course.

Any ideas?
Matthew

/var/log/messages------------
Mar  4 08:56:18 bluegum sshd(pam_unix)[12419]: check pass; user unknown
Mar  4 08:56:18 bluegum sshd(pam_unix)[12419]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bodj.ap.sola.com
Mar  4 08:56:18 bluegum pam_winbind[12419]: user 'mwestern' granted
access


Smb.conf------------------------
[global]
        workgroup = AUSTRALIA
        realm = AP.SOLA.COM
        server string = Sola EB2 Enterprise Linux Box
        security = ADS
        password server = wattle.ap.sola.com
        log file = /var/log/samba/smbd.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind use default domain = Yes
        cups options = raw

/etc/pam.d/sshd------------------
auth       required     pam_stack.so service=system-auth
auth       sufficient   pam_winbind.so
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
account    sufficient   pam_winbind.so
password   required     pam_stack.so service=system-auth
#password   sufficient   pam_winbind.so   (tried it with or without the
password option)
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

/etc/pam.d/login---------------------
auth       required     pam_securetty.so
auth       sufficient   pam_winbind.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

More information about the samba mailing list