[Samba] PAM rlogin Winbind - Solaris - NT Domain

Sundaram Ramasamy sun at percipia.com
Wed Dec 11 14:40:01 GMT 2002


I am trying to install winbind PAM on my Solaris 8 machine. The Samba server
has been added to the domain as a member
server, and things like getent passwd and group actually work and show the
NT domain accounts.

Since it is a production machine, I first want to enable winbind authentication
for the rlogin module. I made the change in my /etc/pam.conf, but I was not able
to log in. The same configuration works on a Linux machine.

I am attaching my configuration files. Please help me.


$ rlogin techgroup+guest at
Login incorrect
rlogin: connection closed.

bash-2.03# ls /export/home/guest

 tail -f /var/adm/messages
Dec 10 09:26:03 pnet login[1622]: [ID 468494 auth.crit] login account failure:
No account present for user

bash-2.03#  /usr/local/samba/bin/wbinfo -t
Secret is good

Solaris 8
Samba 2.2.7 compiled --with-pam --with-winbind

more /etc/nsswitch.conf

passwd:     files winbind
group:      files winbind


# Samba configuration as pasted into the message.
# NOTE(review): no section headers are visible in this paste, so the split
# between global settings and the per-share blocks further down is inferred
# from the parameters only - confirm against the file on the host.
#   printing = bsd
#   printcap name = /etc/printcap
#   load printers = yes
   guest account = pcguest

    workgroup = TECHGROUP
    #security = Share
    security = DOMAIN
   password server = enterprise
    # NOTE(review): the doubled comma after "pnet" looks like a typo or a
    # dropped entry - confirm the intended host list. Together with
    # "hosts deny = All" this list is the whole allow-list for SMB clients.
    hosts allow = localhost, pnet,, 192.168.1.
    hosts deny = All

    # use uids from 10000 to 20000 for domain users
    winbind uid = 10000-20000

    # use gids from 10000 to 20000 for domain groups
    winbind gid = 10000-20000

    # allow enumeration of winbind users and groups
    winbind enum users = yes
    winbind enum groups = yes

    # give winbind users a real shell (only needed if
    # they have telnet access)
    # NOTE(review): with a real shell and a template home directory, every
    # domain account that passes PAM gets an interactive login on this host -
    # confirm that is the intended scope for a production machine.
    template homedir = /export/home/%U
    #template homedir = /home/%U
    template shell = /bin/bash
        # "+" is the domain/user separator; it matches the "techgroup+guest"
        # name used in the rlogin attempt quoted in the message.
        winbind separator = +

        wins support = no
        wins server =
        name resolve order = hosts lmhosts  bcast

;  This next option sets a separate log file for each client. Remove
;  it if you want a combined log file.
        log file = /var/log/log.%m
        log level = 2

;  You will need a world readable lock directory and "share modes=yes"
;  if you want to support the file sharing modes for multiple users
;  of the same files
  lock directory = /usr/local/samba/var/locks
  share modes = yes

   # NOTE(review): presumably the home-directories share - section header not
   # shown in the paste.
   comment = Home Directories
   browseable = no
   read only = no
   create mode = 0750

   # NOTE(review): presumably the printers share - section header not shown
   # in the paste.
   comment = All Printers
   browseable = no
   printable = yes
   public = no
   writable = no
   create mode = 0700

        # NOTE(review): "guest ok = Yes" with "read only = No" makes this path
        # writable by connections that are not tied to a named user; such
        # access is mapped to the "guest account" set above (pcguest). Confirm
        # that guest write access is intended on a production host.
        path = /export/home/share
        comment = Solaris share
        guest ok = Yes
        read only = No

bash-2.03# more /etc/pam.conf
#ident  "@(#)pam.conf   1.14    99/09/16 SMI"
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
# PAM configuration
#
# Each entry reads: service name, module type (auth / account / session /
# password), control flag, module path, then optional module arguments.
# Entries for one service and module type are evaluated top to bottom.
# Authentication management
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1

# rlogin auth stack. A "sufficient" module that succeeds ends the stack, so a
# matching rhosts / hosts.equiv trust entry is accepted by pam_rhosts_auth
# with no password check at all. Otherwise pam_winbind checks the password
# against the domain, and pam_unix (reusing the typed password because of
# try_first_pass) remains as the path for local accounts.
# NOTE(review): rlogin sends the password in cleartext, so domain credentials
# typed here cross the network unencrypted - confirm that is acceptable.
# NOTE(review): pam_winbind.so is the only module referenced without $ISA and
# without a ".so.1" suffix - verify the file exists at exactly this path and
# can be loaded by the program that handles the rlogin session.
# NOTE(review): "debug" presumably makes pam_winbind log more detail; drop it
# once the setup works.
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth sufficient /usr/lib/security/pam_winbind.so debug
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1  try_first_pass
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
# rsh relies on rhosts trust alone; there is no password-based alternative in
# this stack.
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1
# Account management
# NOTE(review): no account entry names the rlogin service or pam_winbind.
# Whether the account phase runs under the "login" entries or falls through
# to "other", it is handled by pam_roles and pam_unix only. The logged
# "login account failure: No account present for user" is consistent with
# that phase rejecting a domain user it cannot find in the local account
# data - check whether an account entry for pam_winbind is needed for this
# service. TODO confirm against the pam_winbind documentation.
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
# Session management
# Only an "other" entry exists, so every service shares this session stack.
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
# Password management
# Password changes go through pam_unix only; nothing here routes a password
# change to the domain.
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1