[Samba] Wheezy Samba+Winbind+AD+PAM

Aaron Gibson agibson684 at gmail.com
Thu Jul 11 02:20:48 MDT 2013


Greetings fellow Samba enthusiasts!

I am having an issue after upgrading to the latest version of wheezy 
from my former squeeze on my testing node.
I am unable to log in anymore as my AD user erin. I can run the following 
commands successfully, but not getent passwd erin or logging in to the 
system via the console.
It is currently a fresh install; all I did was copy my krb.conf, 
samba.conf, and pam.d/* directories or files over. I also installed all 
the packages I thought I needed. I have this same setup working on 7 other 
(squeeze) machines and I have no issues with them at all.
I am enclosing a couple of pastebins as well. There is a lot of information 
to look at.
If you have any questions or need more info, send me an email and I will 
respond after work tonight.

Thanks so much!
Aaron G.

######################################INFO ################################

PASTEBIN:
http://sprunge.us/MXbS

ERROR:
root@testing:~# login erin
Password:

Login incorrect
testing login: ^C
root@testing:~# tail /var/log/auth.log
####################
Jul 11 04:14:44 testing login[4821]: pam_securetty(login:auth): access denied: tty '/dev/pts/0' is not secure !
Jul 11 04:14:50 testing login[4821]: pam_unix(login:auth): check pass; user unknown
Jul 11 04:14:50 testing login[4821]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=
Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): getting password (0x00000050)
Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): pam_get_item returned a password
Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): user 'erin' granted access
Jul 11 04:14:53 testing login[4821]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'UNKNOWN', User not known to the underlying authentication module
root@testing:~#

root@testing:~# ./samba-check.sh
+ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ERIN@THRACE.LAN

Valid starting    Expires           Service principal
10/07/2013 20:27  11/07/2013 06:26  krbtgt/THRACE.LAN@THRACE.LAN
         renew until 11/07/2013 20:27
+ net ads info
LDAP server: 192.168.1.219
LDAP server name: bkdc.thrace.lan
Realm: THRACE.LAN
Bind Path: dc=THRACE,dc=LAN
LDAP port: 389
Server time: Thu, 11 Jul 2013 04:14:43 EDT
KDC server: 192.168.1.219
Server time offset: -51
+ wbinfo -u
guest
administrator
krbtgt
teddy
erin
camaron
sarah
matt
ripper
nancy
summer
justin
dummy
pcthrace
nathan
+ wbinfo -g
domain computers
cert publishers
domain users
domain guests
ras and ias servers
domain admins
schema admins
enterprise admins
group policy creator owners
allowed rodc password replication group
denied rodc password replication group
enterprise read-only domain controllers
read-only domain controllers
domain controllers
dnsadmins
dnsupdateproxy
nagios
http
ssh
lan-login
computers-group
+ getent passwd erin
root@testing:~#
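The auth.log excerpt in the post shows pam_winbind accepting the password and the same login process then failing with "User not known to the underlying authentication module". The Python sketch below is an added example, not part of the original message or of Samba; it correlates those two events per process in an auth.log, and the function and pattern names are hypothetical.

```python
import re

# Lines taken from the auth.log excerpt in the post, mail line wraps rejoined.
SAMPLE = """\
Jul 11 04:14:44 testing login[4821]: pam_securetty(login:auth): access denied: tty '/dev/pts/0' is not secure !
Jul 11 04:14:50 testing login[4821]: pam_unix(login:auth): check pass; user unknown
Jul 11 04:14:50 testing login[4821]: pam_winbind(login:auth): user 'erin' granted access
Jul 11 04:14:53 testing login[4821]: FAILED LOGIN (1) on '/dev/pts/0' FOR 'UNKNOWN', User not known to the underlying authentication module
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host prog[pid]: message"
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
GRANT = re.compile(r"pam_winbind\([^)]*:auth\): user '(?P<user>[^']+)' granted access")
UNKNOWN = re.compile(r"FAILED LOGIN .*User not known to the underlying authentication module")


def find_auth_ok_account_unknown(lines):
    """Return [(host, pid, user)] for processes where pam_winbind accepted
    the password but the login was still rejected as an unknown user."""
    granted = {}  # (host, pid) -> user most recently granted by pam_winbind
    hits = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog-style line (blank, separator, wrapped text)
        key = (m["host"], m["pid"])
        g = GRANT.search(m["msg"])
        if g:
            granted[key] = g["user"]
        elif UNKNOWN.search(m["msg"]) and key in granted:
            # Same process: password check passed, user lookup did not.
            hits.append((m["host"], int(m["pid"]), granted.pop(key)))
    return hits


if __name__ == "__main__":
    for host, pid, user in find_auth_ok_account_unknown(SAMPLE.splitlines()):
        print(f"{host} pid {pid}: winbind authenticated '{user}', "
              f"but login saw an unknown user; compare 'wbinfo -u' "
              f"with 'getent passwd {user}'")
```
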




