Help configuring samba appliance
Patrick Spinler
spinler.patrick at mayo.edu
Wed Feb 14 16:30:31 GMT 2001
Hi:
I've been messing with the samba appliance package recently (the 0.5 rpm
version built last aug 17), and am having difficulty getting logins
working via the supplied pam modules. Here's my setup:
My workstation is R0055620, a member of the domain RCHWKS
My account is pjs11, a account in domain MC
The RCHWKS domain trusts the MC domain (and the RCH domain, too)
When I attempt to login using MC\pjs11, winbindd spits this tidbit of
log:
006e id_auth[0] : 00
006f id_auth[1] : 00
0070 id_auth[2] : 00
0071 id_auth[3] : 00
0072 id_auth[4] : 00
0073 id_auth[5] : 05
0074 sub_auths : 00000015 7c0150b7 0fdc7252 030312ce
0084 status: 00000000
adding trusted domain MC
adding trusted domain RCH
(--- NOTE: here is end of winbind startup log, below is login attempt)
accepted socket 8
[29305]: pam auth MC\pjs11
could not get trust password for domain MC
I've attached my pam config file and nsswitch.conf, and the complete
winbindd output is at http://spinler.dhs.org/~pspinler/winbindd.log.
My system is a somewhat updated redhat 6.2, glibc 2.1.1.
I've also just recompiled the various componants from cvs SAMBA_TNG and
APPLIANCE_HEAD branches, and will be trying these new componants later
today.
-- Pat
p.s. whenever I redirect winbind's output to a file, it hangs. Any
ideas ? E.g. this command:
$ winbindd -i -d 100 > /tmp/winbindd.log
produces a hung winbindd, only killable by kill -9. Any clues ?
--
This message does not represent the policies or positions
of the Mayo Foundation or its subsidiaries.
Patrick Spinler email: Spinler.Patrick at Mayo.EDU
Mayo Foundation phone: 507/284-9485
-------------- next part --------------
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
#passwd: files nisplus nis winbind
#shadow: files nisplus nis winbind
#group: files nisplus nis winbind
#hosts: db files nisplus nis dns
hosts: files nisplus nis dns
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
-------------- next part --------------
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
#account required /lib/security/pam_pwdb.so
account required /lib/security/pam_winbind.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so
More information about the samba-ntdom
mailing list