Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working

Rafael rafiros at posgrad.nce.ufrj.br
Thu Oct 25 09:12:02 GMT 2001


Hi, again,

My problem is that I can see the domain users with getent and
wbinfo, but the login is not granted and the message in
/var/log/messages is "User not known to the underlying authentication
module".

I don't know, but I don't believe it's a PAM problem. Does
anyone know or have a hint???

Rafael



----- Original Message -----
From: "Rafael" <rafiros at posgrad.nce.ufrj.br>
To: <rafiros at posgrad.nce.ufrj.br>
Sent: Thursday, October 25, 2001 1:07 AM
Subject: Fwd: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working


> ==================BEGIN FORWARDED MESSAGE==================
> >From: Adam Ranville <adam at mks.com>
> >To: samba at lists.samba.org
> >Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
> >Date: Wed, 24 Oct 2001 13:41:48 -0400
> >
>
> [root at hqnis1 pam.d]# getent passwd MKS\\adam
> MKS\adam:x:10002:10000:Adam Ranville:/home/MKS/adam:/bin/bash
>
> Seems to be in order... I created /home/MKS. Wish the logs could give me an
> area to work on.
>
> Adam
> -----Original Message-----
> From: Rogelio J. Baucells [mailto:rogelio at ats-corp.com]
> Sent: Wednesday, October 24, 2001 1:21 PM
> To: Adam Ranville
> Cc: samba at lists.samba.org
> Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
> I had that problem before and it was the "template shell".
>
> Check it is getting that value with:
>
> getent passwd DOMAIN\\username
>
> it should say the shell at the end of the line
>
>
> Rogelio J.
>
> -----Original Message-----
> From: Adam Ranville [mailto:adam at mks.com]
> Sent: Wednesday, October 24, 2001 1:16 PM
> To: samba at lists.samba.org
> Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
>
> I did put the template shell line in before, it hasn't really changed
> anything.
> /usr/local/samba/lib/smb.conf:
> template shell = /bin/bash
>
> I added "session     optional      /lib/security/pam_mkhomedir.so umask=0077"
>
> Still no luck, it just pauses then closes the session.
>
> Adam
> -----Original Message-----
> From: Rogelio J. Baucells [mailto:rogelio at ats-corp.com]
> Sent: Wednesday, October 24, 2001 1:04 PM
> To: samba at lists.samba.org
> Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
> Did you change the "template shell" to "bin/bash" or another shell?
>
> If you want to create the home dir on the fly, try this
>
> session     optional      /lib/security/pam_mkhomedir.so umask=0077
>
> in your system-auth
>
> It is working for me without any problem in my RH 7.0 and 7.1 boxes
>
> Rogelio J.
>
> -----Original Message-----
> From: Adam Ranville [mailto:adam at mks.com]
> Sent: Wednesday, October 24, 2001 12:45 PM
> To: Samba (E-mail)
> Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
> Well that seems to have moved me one step closer. I now get a
> positive authentication not in /var/messages but it just hangs after I input
> the password. Missing a home directory? Invalid shell maybe? I checked the
> logs and I've been getting nothing negative.
>
> Almost there...
>
> Adam
>
> tail /var/log/messages:
> Oct 24 12:36:19 hqnis1 pam_winbind[1552]: user 'MKS\adam' granted acces
>
>
> /etc/pam.d/system-auth:
>
> auth        sufficient    /lib/security/pam_winbind.so
> auth        sufficient    /lib/security/pam_unix.so likeauth nullok md5 shadow use_first_pass
> auth        required      /lib/security/pam_deny.so
> account     sufficient    /lib/security/pam_unix.so
> account     sufficient    /lib/security/pam_winbind.so
> account     required      /lib/security/pam_deny.so
> password    required      /lib/security/pam_cracklib.so retry=3
> password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password    required      /lib/security/pam_deny.so
> session     required      /lib/security/pam_limits.so
> session     required      /lib/security/pam_unix.so
>
>
> -----Original Message-----
> From: Anthony J. Breeds-Taurima [mailto:tony at cantech.net.au]
> Sent: Tuesday, October 23, 2001 10:00 PM
> To: Adam Ranville
> Cc: Samba (E-mail)
> Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
> On Tue, 23 Oct 2001, Adam Ranville wrote:
>
> > original file.
>
> Thanks.
>
> > I can access a share without domain\username and it works fine. Do I
> > require domain\(or +) username for telnet? I have tried that as well.
>
> Yes you will need to login as:
> DOMAIN\user   (or DOMAIN+user)
>
> > With the attempted system-auth it would kick me out right after
> > entering the login. It doesn't even prompt for a password. (single user got
> > me out of it).
> >
> > Thanks for the help,
> >
> > Adam
> >
> > attempted /etc/pam.d/system-auth:
>
> <snip>
>
> > account     required      /lib/security/pam_deny.so
> > account     required      /lib/security/pam_winbind.so
>
> Like Andrew said swap these 2 lines and you should be happy.
>
> Yours Tony.
>
> /*
>  * "The significant problems we face cannot be solved at the
>  * same level of thinking we were at when we created them."
>  * --Albert Einstein
>  */
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> ===================END FORWARDED MESSAGE===================
>
>
>
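
An added example (not from the thread, Samba or Linux-PAM): a simplified model of PAM's `required`/`requisite`/`sufficient` control flags, run over the two `account` stacks quoted above, showing why a `required pam_deny.so` placed ahead of `pam_winbind.so` rejects every login. The per-module results for a domain user are assumptions, `optional` is treated as ignored, and the "attempted" stack contains only the two lines visible after the `<snip>`.

```python
# Added example: simplified Linux-PAM control-flag evaluation (not PAM itself).

# The two account lines visible in the "attempted" system-auth from the thread.
ATTEMPTED = """
account     required      /lib/security/pam_deny.so
account     required      /lib/security/pam_winbind.so
"""
# The account stack from the later system-auth posted in the thread.
LATER = """
account     sufficient    /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_deny.so
"""
# Constructed results (assumption): a winbind-only user is unknown to pam_unix,
# accepted by pam_winbind; pam_deny always fails.
DOMAIN_USER = {"pam_unix.so": False, "pam_winbind.so": True, "pam_deny.so": False}

def parse_stack(conf, mtype):
    """Return [(control, module_basename)] for one management group."""
    stack = []
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mtype:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (PAM_SUCCESS) or False (any error)."""
    failed = succeeded = False
    for control, module in stack:
        ok = results[module]
        if control in ("required", "requisite"):
            if not ok:
                if control == "requisite":
                    return False      # requisite failure ends the stack at once
                failed = True         # required failure is remembered; stack continues
            else:
                succeeded = True
        elif control == "sufficient" and ok and not failed:
            return True               # success short-circuits the rest of the stack
        # a failing 'sufficient' and any 'optional' result are ignored here
    return succeeded and not failed

if __name__ == "__main__":
    for name, conf in (("attempted", ATTEMPTED), ("later", LATER)):
        print(name, evaluate(parse_stack(conf, "account"), DOMAIN_USER))
```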




