linux client auth failure against PDC

Matt Finlayson finlayso at vancouver.wsu.edu
Fri Nov 18 16:36:48 GMT 2005 



Matt Finlayson wrote:
> subject: linux client auth to samba pdc fails
> 
> I have a problem getting linux clients to authenticate against a Samba PDC.
> /etc/pam.d/system-auth
> 
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so debug
> auth        sufficient    /lib/security/$ISA/pam_unix.so debug likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_smb_auth.so debug
> use_first_pass nolocal
> auth        required      /lib/security/$ISA/pam_deny.so debug
> 
> account     required      /lib/security/$ISA/pam_unix.so debug
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so debug uid <
> 100 quiet
> account     required      /lib/security/$ISA/pam_permit.so debug
> 
> password    requisite     /lib/security/$ISA/pam_cracklib.so debug retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so debug nullok
> use_authtok md5
> #password    sufficient    /lib/security/$ISA/pam_smb_auth.so debug
> use_first_pass nolocal
> password    required      /lib/security/$ISA/pam_deny.so debug
> 
> session     required      /lib/security/$ISA/pam_limits.so debug
> session     required      /lib/security/$ISA/pam_unix.so debug
> 
> /etc/pam_smb.conf
> "my domain"
> "my Server"
> none
> 
> When I try to logon to the linux client machine with a username and
> password stored in samba I get the following error message in
> /var/log/samba/%m.logfile [2005/11/17 14:21:53, 2]
> smbd/server.c:exit_server(609)
>   Closing connections
> [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to
> [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76)
>   yield_connection: tdb_delete for name  failed with error Record does not
> exist.
> [2005/11/17 14:21:53, 3] smbd/server.c:exit_server(652)
>   Server exit (normal exit)
> 
> I need help fixing this.  The goal is to have a Samba PDC server that will
> authenticate both windwos and linux clients using the same password. 
> Windows clients rely on the samba PDC for user info, authentication, user
> network shares, etc.  And Linux clients rely on ldap for user info
> (/etc/password type stuff), nfs for access to user network share, and samba
> for authentication.  This setup works on our old platform; RH9, samba
> 2.something, ldapV2.2.13 but I cannot get smb auth to work for the linux
> clients.
> 
> Any help?
> 
> My apologies for poor etiquette in posting this to
> samba-technical at lists.samba.org and samba at lists.samba.org
> 
> Thanks,
> 


The error is generated from smbd/connection.c:

  Delete a connection record.
****************************************************************************/

BOOL yield_connection(connection_struct *conn, const char *name)
{
         struct connections_key key;
         TDB_DATA kbuf;

         if (!tdb)
                 return False;

         DEBUG(3,("Yielding connection to %s\n",name));

         make_conn_key(conn, name, &kbuf, &key);

         if (tdb_delete(tdb, kbuf) != 0) {
                 int dbg_lvl = (!conn && (tdb_error(tdb) == 
TDB_ERR_NOEXIST)) ? 3
: 0;
                 DEBUG(dbg_lvl,("yield_connection: tdb_delete for name 
%s failed
with error %s.\n",
                         name, tdb_errorstr(tdb) ));
                 return (False);
         }

         return(True);
}



You Will notice that %s does not have any value listed when it is 
printed ot the log file...

More information about the samba-technical mailing list