[Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Miles Roper
mroper at westcoastdhb.org.nz
Sun Feb 2 19:53:58 GMT 2003
Hi All,
Thanks for your help, still no luck though. More info for you.
with no debug statements in my /etc/pam.conf I get in sys log the following.
Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces
with debug turned on I get
Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser'
Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces
the user is still logging out.
incidentlally, when I log in as a unix user, rather than a win2k user I
don't get anything in sys log. I've included my pam.conf below.
Also, I checked for /etc/shells, no such file, and I have set my smb.conf
shell line to
template shell = /sbin/sh
and also tried
template shell = /usr/bin/sh
both files exist.
#
# PAM configuration
#
# Authentication management
#
login auth sufficient /usr/lib/security/libpam_unix.1 debug
login auth sufficient /usr/lib/security/libpam_winbind.1
debug
#login auth sufficient /usr/lib/security/libpam_smb.1 nolocal
debug
su auth required /usr/lib/security/libpam_unix.1 debug
dtlogin auth required /usr/lib/security/libpam_unix.1 debug
dtaction auth required /usr/lib/security/libpam_unix.1 debug
ftp auth required /usr/lib/security/libpam_unix.1 debug
OTHER auth required /usr/lib/security/libpam_unix.1 debug
#
# Account management
#
login account sufficient /usr/lib/security/libpam_unix.1 debug
login account sufficient /usr/lib/security/libpam_winbind.1
debug
su account required /usr/lib/security/libpam_unix.1 debug
dtlogin account required /usr/lib/security/libpam_unix.1 debug
dtaction account required /usr/lib/security/libpam_unix.1 debug
ftp account required /usr/lib/security/libpam_unix.1 debug
#
OTHER account required /usr/lib/security/libpam_unix.1 debug
#
# Session management
#
login session sufficient /usr/lib/security/libpam_unix.1 debug
login session sufficient /usr/lib/security/libpam_winbind.1
debug
dtlogin session required /usr/lib/security/libpam_unix.1 debug
dtaction session required /usr/lib/security/libpam_unix.1 debug
OTHER session required /usr/lib/security/libpam_unix.1 debug
#
# Password management
#
login password sufficient /usr/lib/security/libpam_unix.1 debug
login password sufficient /usr/lib/security/libpam_winbind.1
debug
passwd password required /usr/lib/security/libpam_unix.1 debug
passwd password required /usr/lib/security/libpam_winbind.1
debug
dtlogin password required /usr/lib/security/libpam_unix.1 debug
dtaction password required /usr/lib/security/libpam_unix.1 debug
OTHER password required /usr/lib/security/libpam_unix.1 debug
Cheers
Miles
-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
Sent: Saturday, 1 February 2003 04:53 a.m.
To: 'John H Terpstra'; Miles Roper
Cc: 'samba-technical at lists.samba.org'; 'samba at lists.samba.org'; Esh,
Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON
(HP-USA,ex1); 'Richard Sharpe'
Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi, Miles,
Actually on HP-UX, you will need to add the word 'debug' at the end of each
of
the lines in you /etc/pam.conf file, to enable more debugging to go into the
/var/adm/syslog/syslog.log file.
One thing that I have seen something like this happen on is if the
/etc/shells file is corrupt, or if the shell that is defined for the user
(since they don't have a /etc/passwd entry, this would be whatever you put
in
template in the smb.conf) does not exactly match one of the lines in
/etc/shells,
or the defaults, if this file does not exist.
The defaults for 11.0 are:
/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh
Hope this helps,
Don
> -----Original Message-----
> From: John H Terpstra [mailto:jht at samba.org]
> Sent: Friday, January 31, 2003 1:36
> To: Miles Roper
> Cc: 'samba-technical at lists.samba.org'; 'samba at lists.samba.org'; Esh,
> Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON
> (HP-USA,ex1)'; 'Richard Sharpe'
> Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
>
>
> On Fri, 31 Jan 2003, Miles Roper wrote:
>
> > Hi Everyone,
> >
> > I'm forgetting about the password one at the moment, thanks
> for all your
> > input :o)
> >
> > I still don't have a clue how to solve my main problem.
> I'm assuming that
> > its not actually winbind related now, as I've recently
> tried pam_smb and get
> > the same basic problem.
> >
> > Basically, when I log into the UNIX box, the
> username/password of a NT user
> > is being authenticated, but doesn't actually log in. It
> doesn't get past
> > the password line. I know it accepts the password. Its
> almost as if it
> > can't find the shell. But the template variable is set
> within the smb.conf
> > file. Permissions are fine. I have exactly the same
> problem with the
> > pam_smb module.
>
> So what does PAM report into your /var/log files?
>
> Have you tried adding to each line in your /etc/pam.d/login
> (after the .so
> file name) the word 'audit' - this will increase the volume
> of debugging
> info spit out into /var/log/messages, or wherever PAM send
> this on your
> distro.
>
> - John T.
>
> >
> > If there is any further information I can send let me know.
> >
> > Ideas?
> >
> > Thanks
> >
> > Miles
> >
> >
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > Sent: Friday, 31 January 2003 07:06 a.m.
> > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide
> > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> Please Help
> >
> >
> > Hi Everyone,
> > This whole problem with the password command not working
> when winbind
> > is included as a method in the nsswitch.conf can probably
> be worked around
> > by simply using the -r files (or -r nis or -r nisplus)
> switch. Take a look
> > at the man page for passwd on HP-UX 11.x and see if this
> won't help you
> > out.
> > Hope this helps,
> > Don
> >
> > > -----Original Message-----
> > > From: Michael Steffens [mailto:michael.steffens at hp.com]
> > > Sent: Tuesday, January 28, 2003 11:52
> > > To: Ronan Waide
> > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally
> Stuck, Please Help
> > >
> > >
> > > Ronan Waide wrote:
> > > > On January 28, Andrew_Esh at adaptec.com said:
> > > >
> > > >>I don't have HPUX, so I don't know what to suggest for
> > > that. I just know
> > > >>getent won't work without winbindd in nsswitch.conf on Linux.
> > > >
> > > >
> > > > I think the point that was being made is that NSS support
> > > on HPUX only
> > > > supports a few known types, of which one is LDAP. The
> discussion was
> > > > basically about faking out the system so that what it
> thinks is LDAP
> > > > is actually winbind.
> > >
> > > Yep. It's a HP-UX specific workaround. Please ignore it
> > > everywhere else.
> > >
> > > Michael
> > >
> > >
> >
>
> --
> John H Terpstra
> Email: jht at samba.org
>
More information about the samba-technical
mailing list