Samba4, pam_winbind authentication fails

smolik petr at smoliku.cz
Wed Aug 3 04:24:29 MDT 2011


Hi all,

I have running Samba4 server (latest git version) on my Debian 6.0 system.
Works me kerberos authentications, shares and successfully configured
winbind and pam_winbind. It seems to I am happy, but :)

I run on one client station Thunderbird, which is configured for two
accounts. Imap server is Courier. After this scenario, pam_winbind fails. I
am not able login like AD user by using pamwinbind authentication.

smolik at 1zsve-gw:~$ su jfaflik
Password:
Access is denied

Before it woks. wbinfo -u works, I am able login into domain by kerberos
only pam_winbind doesn't works.

auth.log looks:

Aug  3 02:15:54 1zsve-gw su[3273]: Successful su for 1ZSVE-DOM\jfaflik by
smolik                                                                                                                                  
Aug  3 02:15:54 1zsve-gw su[3273]: + /dev/pts/1 smolik:1ZSVE-DOM\jfaflik                                                                                                                                          
Aug  3 02:15:54 1zsve-gw su[3273]: pam_unix(su:session): session opened for
user 1ZSVE-DOM\jfaflik by smolik(uid=1000)                                                                                            
Aug  3 02:15:58 1zsve-gw su[3273]: pam_unix(su:session): session closed for
user 1ZSVE-DOM\jfaflik                                                                                                                
Aug  3 02:16:11 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)                                                                                                                        
Aug  3 02:16:11 1zsve-gw authdaemond: pam_winbind(imap:auth): user 'jfaflik'
granted access                                                                                                                        
Aug  3 02:16:11 1zsve-gw authdaemond: pam_winbind(imap:account): user
'1ZSVE-DOM\jfaflik' granted access                                                                                                          
Aug  3 02:16:12 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)                                                                                                                        
Aug  3 02:16:12 1zsve-gw authdaemond: pam_winbind(imap:auth): user 'jfaflik'
granted access                                                                                                                        
Aug  3 02:16:12 1zsve-gw authdaemond: pam_winbind(imap:account): user
'1ZSVE-DOM\jfaflik' granted access                                                                                                          
Aug  3 02:16:13 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)                                                                                                                        
Aug  3 02:16:13 1zsve-gw authdaemond: pam_winbind(imap:auth): user 'jfaflik'
granted access                                                                                                                        
Aug  3 02:16:13 1zsve-gw authdaemond: pam_winbind(imap:account): user
'1ZSVE-DOM\jfaflik' granted access                                                                                                          
Aug  3 02:17:01 1zsve-gw CRON[3329]: pam_unix(cron:session): session opened
for user root by (uid=0)                                                                                                              
Aug  3 02:17:01 1zsve-gw CRON[3329]: pam_unix(cron:session): session closed
for user root                                                                                                                          
Aug  3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)                                                                                                                        
Aug  3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)                                                                                                                        
Aug  3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_ACCESS_DENIED, Error message was: Access denied  
Aug  3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): internal
module error (retval = PAM_SYSTEM_ERR(4), user = 'jfaflik')                                                                                
Aug  3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_ACCESS_DENIED, Error message was: Access denied  
Aug  3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): internal
module error (retval = PAM_SYSTEM_ERR(4), user = 'skola')                                                                                  
Aug  3 02:17:03 1zsve-gw authdaemond: pam_unix(imap:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=skola                                                                            
Aug  3 02:17:03 1zsve-gw authdaemond: pam_unix(imap:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=jfaflik                                                                          
Aug  3 02:17:59 1zsve-gw su[3338]: pam_winbind(su:auth): getting password
(0x00000000)                                                                                                                            
Aug  3 02:18:01 1zsve-gw su[3338]: pam_winbind(su:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_ACCESS_DENIED, Error message was: Access denied      
Aug  3 02:18:01 1zsve-gw su[3338]: pam_winbind(su:auth): internal module
error (retval = PAM_SYSTEM_ERR(4), user = 'jfaflik')                                                                                      
Aug  3 02:18:01 1zsve-gw su[3338]: pam_unix(su:auth): authentication
failure; logname=smolik uid=1000 euid=0 tty=/dev/pts/1 ruser=smolik rhost= 
user=jfaflik                                                      
Aug  3 02:18:03 1zsve-gw su[3338]: pam_authenticate: Authentication failure                                                                                                                                        
Aug  3 02:18:03 1zsve-gw su[3338]: FAILED su for jfaflik by smolik  

seems to me that same problem was solved also here:
http://ubuntuforums.org/showthread.php?t=1364288

thanks for any help. 

--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-pam-winbind-authentication-fails-tp3714981p3714981.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.


More information about the samba-technical mailing list