Samba4, pam_winbind authentication fails
smolik
petr at smoliku.cz
Wed Aug 3 04:24:29 MDT 2011
Hi all,
I have running Samba4 server (latest git version) on my Debian 6.0 system.
Works me kerberos authentications, shares and successfully configured
winbind and pam_winbind. It seems to I am happy, but :)
I run on one client station Thunderbird, which is configured for two
accounts. Imap server is Courier. After this scenario, pam_winbind fails. I
am not able login like AD user by using pamwinbind authentication.
smolik at 1zsve-gw:~$ su jfaflik
Password:
Access is denied
Before it woks. wbinfo -u works, I am able login into domain by kerberos
only pam_winbind doesn't works.
auth.log looks:
Aug 3 02:15:54 1zsve-gw su[3273]: Successful su for 1ZSVE-DOM\jfaflik by
smolik
Aug 3 02:15:54 1zsve-gw su[3273]: + /dev/pts/1 smolik:1ZSVE-DOM\jfaflik
Aug 3 02:15:54 1zsve-gw su[3273]: pam_unix(su:session): session opened for
user 1ZSVE-DOM\jfaflik by smolik(uid=1000)
Aug 3 02:15:58 1zsve-gw su[3273]: pam_unix(su:session): session closed for
user 1ZSVE-DOM\jfaflik
Aug 3 02:16:11 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)
Aug 3 02:16:11 1zsve-gw authdaemond: pam_winbind(imap:auth): user 'jfaflik'
granted access
Aug 3 02:16:11 1zsve-gw authdaemond: pam_winbind(imap:account): user
'1ZSVE-DOM\jfaflik' granted access
Aug 3 02:16:12 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)
Aug 3 02:16:12 1zsve-gw authdaemond: pam_winbind(imap:auth): user 'jfaflik'
granted access
Aug 3 02:16:12 1zsve-gw authdaemond: pam_winbind(imap:account): user
'1ZSVE-DOM\jfaflik' granted access
Aug 3 02:16:13 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)
Aug 3 02:16:13 1zsve-gw authdaemond: pam_winbind(imap:auth): user 'jfaflik'
granted access
Aug 3 02:16:13 1zsve-gw authdaemond: pam_winbind(imap:account): user
'1ZSVE-DOM\jfaflik' granted access
Aug 3 02:17:01 1zsve-gw CRON[3329]: pam_unix(cron:session): session opened
for user root by (uid=0)
Aug 3 02:17:01 1zsve-gw CRON[3329]: pam_unix(cron:session): session closed
for user root
Aug 3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)
Aug 3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): getting
password (0x00000000)
Aug 3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_ACCESS_DENIED, Error message was: Access denied
Aug 3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): internal
module error (retval = PAM_SYSTEM_ERR(4), user = 'jfaflik')
Aug 3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_ACCESS_DENIED, Error message was: Access denied
Aug 3 02:17:03 1zsve-gw authdaemond: pam_winbind(imap:auth): internal
module error (retval = PAM_SYSTEM_ERR(4), user = 'skola')
Aug 3 02:17:03 1zsve-gw authdaemond: pam_unix(imap:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost= user=skola
Aug 3 02:17:03 1zsve-gw authdaemond: pam_unix(imap:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jfaflik
Aug 3 02:17:59 1zsve-gw su[3338]: pam_winbind(su:auth): getting password
(0x00000000)
Aug 3 02:18:01 1zsve-gw su[3338]: pam_winbind(su:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_ACCESS_DENIED, Error message was: Access denied
Aug 3 02:18:01 1zsve-gw su[3338]: pam_winbind(su:auth): internal module
error (retval = PAM_SYSTEM_ERR(4), user = 'jfaflik')
Aug 3 02:18:01 1zsve-gw su[3338]: pam_unix(su:auth): authentication
failure; logname=smolik uid=1000 euid=0 tty=/dev/pts/1 ruser=smolik rhost=
user=jfaflik
Aug 3 02:18:03 1zsve-gw su[3338]: pam_authenticate: Authentication failure
Aug 3 02:18:03 1zsve-gw su[3338]: FAILED su for jfaflik by smolik
seems to me that same problem was solved also here:
http://ubuntuforums.org/showthread.php?t=1364288
thanks for any help.
--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-pam-winbind-authentication-fails-tp3714981p3714981.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list