[Samba] Samba/winbind with Active Directory auth

Kris Kaido kriskaido at gmail.com
Mon Jan 18 08:33:00 MST 2010 

Hi List,

I'm installing a Samba server with the intended purpose of serving files to
Windows users with seamless authentication on the smb server.
For that, I've been reading and following every single google search result
regarding the subject, but it seems I'm stuck at some point where other
people are not blocked ...

To summarize, I have these commands OK:
# kinit admin_user at DOMAIN.EXAMPLE.COM
# klist (ticket ok)
# net join ads -S server -U admin_user
# wbinfo -u and -g (both showing "DOMAIN\...")
# wbinfo -t (succeeded)

I configured PAM to use winbind, and to test it I'm using ssh with the same
config as I will for samba

Here's what I get when I try to ssh into my smb server using my AD
credentials:
Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): getting password
(0x00000000)
Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): request failed:
Named pipe dicconnected, PAM error was System error (4), NT error was
NT_STATUS_PIPE_DISCONNECTED
Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): internal module
error (retval = 4, user = 'DOMAIN\myusername')
Jan 18 15:34:18 smb sshd[9157]: pam_unix(sshd:auth): authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.6
 user= DOMAIN\myusername
Jan 18 15:34:20 smb sshd[9157]: Failed password for DOMAIN\myusername from
192.168.5.6 port 50872 ssh2

Any idea on what this error (NT_STATUS...) means ?

Also when trying this I get an error:
smb:~# wbinfo -a admin_user%admin_pwd
plaintext password authentication failed
Could not authenticate user henry_admin with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_PIPE_DISCONNECTED (0xc00000b0)
error messsage was: Named pipe dicconnected
Could not authenticate user admin_user with challenge/response
smb:~#

Here's my PAM config:
auth    sufficient      pam_winbind.so
auth    required        pam_unix.so use_first_pass
account sufficient      pam_winbind.so
account required        pam_unix.so
session required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
session sufficient      pam_winbind.so
session required        pam_unix.so
password        requisite       pam_cracklib.so retry=3 type=
password        sufficient      pam_unix.so nullok use_authtok md5 shadow
password        sufficient      pam_winbind.so use_first_pass
password        required        pam_deny.so

Any help would be greatly appreciated.

Thanks,

k.

More information about the samba mailing list