[Samba] winbind when machine account is not allowed to read users from ad

steve steve at steve-ss.com
Tue Dec 3 07:30:24 MST 2013


On Tue, 2013-12-03 at 14:08 +0100, Stefan Heß wrote:

> /var/log/auth.log:
> 
> login[739]: pam_unix(login:auth): check pass; user unknown
> login[739]: pam_unix(login:auth): authentication failure; logname=LOGIN
> uid=0 euid=0 tty=/dev/tty2 ruser= rhost=
> login[739]: pam_winbind(login:auth): [pamh: 0x190d460] ENTER:
> pam_sm_authenticate (flags: 0x0000)
> login[739]: pam_winbind(login:auth): getting password (0x00004389)
> login[739]: pam_winbind(login:auth): pam_get_item returned a password
> login[739]: pam_winbind(login:auth): Verify user 'USER'
> login[739]: pam_winbind(login:auth): PAM config: krb5_ccache_type 'FILE'
> login[739]: pam_winbind(login:auth): [pamh: 0x190d460] LEAVE:
> pam_sm_authenticate returning 10 (PAM_USER_UNKNOWN)
> login[739]: pam_krb5(login:auth): user ac111286 authenticated as
> USER at DOMAIN.NET
> login[739]: pam_unix(login:account): could not identify user (from
> getpwnam(USER))
> login[739]: Authentication failure 
> 
> 
> Thanks
> Stefan
> 

Hi
I think your PAM stack is in the wrong order or has the wrong options.
Are you allowed to post it?
Cheers,
Steve



