PLEASE HELP! samba2.2.6rc2cvs - solaris winbind pam - using user
"nobody" instead of domain user
David Shapiro
David.Edward.Shapiro at bti.com
Tue Nov 5 14:57:07 GMT 2002
Hello,
Used /usr/ccs/bin ld, as, make (solaris 8) and 2.95.3 20010315 (release)
I installed samba 2.2.6rc2cvs with
cd /usr/local/samba/source
env CFLAGS="-Wall -m32 -g" ./configure \
--with-winbind \
--with-winbind-auth-challenge \
--with-acl-support \
--with-ssl \
--without-sendfile-support \
--with-included-popt \
--with-pam \
--with-smbwrapper
make && make install
ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so
/usr/lib/libnss_winbind.so.1
ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so
/usr/lib/libnss_winbind.so.2
ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so
/usr/lib/nss_winbind.so.1
ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so
/usr/lib/nss_winbind.so.2
ln -s /usr/local/samba/source/nsswitch/pam_winbind.so
/usr/lib/security/pam_winbind.so
crle -l /usr/j2se/jre/lib/sparc -i /usr/j2se/lib/sparc -l /usr/lib -i
/usr/lib -l /usr/local/lib -i /usr/local/lib -l /usr/local/ssl/lib -i
/usr/local/ssl/lib -i /usr/lib/security -s /usr/lib/security -i
/usr/lib/secure -s /usr/lib/security
crle -64 -l /usr/lib/64 -i /usr/lib/64 -s /usr/lib/64/secure
pam.conf:
login auth sufficient /usr/lib/security/$ISA/pam_winbind.so
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account sufficient /usr/lib/security/$ISA/pam_winbind.so
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_projects.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account sufficient /usr/lib/security/$ISA/pam_winbind.so
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_projects.so.1
wbinfo -a INS+DavidSha%password (password was my password) returns:
plaintext password authentication succeeded
However,
smbclient //optimus/samba-lib -UINS+DavidSha%password fails:
added interface ip=10.1.1.234 bcast=10.1.1.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.0.0.255 nmask=255.255.255.0
Got a positive name query response from 10.1.4.11 ( 10.1.1.234 )
Domain=[INS] OS=[Unix] Server=[Samba 2.2.6rc2cvs]
tree connect failed: NT_STATUS_WRONG_PASSWORD
log.optimus shows it tryint to log in with the user nobody:
er_in_list: checking user nobody in list INS+JamesF INS+DavidSha nobody
[2002/11/05 09:39:24, 10] lib/username.c:user_in_list(460)
user_in_list: checking user |nobody| against |INS+JamesF|
[2002/11/05 09:39:24, 10] lib/username.c:user_in_list(460)
user_in_list: checking user |nobody| against |INS+DavidSha|
[2002/11/05 09:39:24, 10] lib/username.c:user_in_list(460)
user_in_list: checking user |nobody| against |nobody|
[2002/11/05 09:39:24, 10] lib/username.c:user_in_list(466)
user_in_list: user |nobody| matches |nobody|
[2002/11/05 09:39:24, 2] smbd/service.c:make_connection(331)
Invalid username/password for samba-lib [nobody]
[2002/11/05 09:39:24, 3] smbd/error.c:error_packet(110)
error packet at smbd/reply.c(166) cmd=117 (SMBtconX)
NT_STATUS_WRONG_PASSWORD
The smb.conf:
Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/local/samba/lib/codepages
workgroup = INS
netbios name = OPTIMUS
netbios aliases =
netbios scope =
server string = Samba %v on (%L)
interfaces = 10.1.1.234/24 127.0.0.1/24
bind interfaces only = Yes
security = DOMAIN
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = Yes
password server = PDC,EXCHANGE_CORP
smb passwd file = /usr/local/samba/private/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 10
syslog = 1
syslog only = No
log file = /usr/local/samba/var/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = wins lmhosts hosts bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
name cache timeout = 660
read size = 16384
socket options = SO_SNDBUF=65536 SO_RCVBUF=65536
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = No
printcap name = /etc/printcap
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 31
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = No
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server = 10.1.4.11
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /usr/local/samba/var/locks
pid directory = /usr/local/samba/var/locks
default service =
message command =
dfree command =
valid chars =
remote announce = 10.1.4.255/INS
remote browse sync = 10.1.1.236 10.1.1.223 10.1.2.20
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action = 'echo %d; sleep 10000'
hide local users = No
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /export/home/%D/%U
template shell = /bin/ksh
winbind separator = +
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow = 10. 127.
hosts deny = ALL
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command = lp -i %p-%j -H hold
lpresume command = lp -i %p-%j -H resume
queuepause command = disable %p
queueresume command = enable %p
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /usr/local/samba/lib/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = Yes
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
[homes]
comment = Home Directories
invalid users = root bin daemon nobody named sys tty disk mem kmem
users
read only = No
browseable = No
[samba-lib]
comment = Samba lib
path = /usr/local/samba/lib
valid users = INS+JamesF INS+DavidSha
force group = users
read only = No
Note: samba-lib was set up just for testing
I created a group called users with gid of 10000. The directory
/usr/local/samba/lib is chgrp -R users.
David
More information about the samba-technical
mailing list