[Samba] PAM rlogin Winbind - Solaris - NT Domain

[Sundaram Ramasamy]

Hi,

I am trying to install winbind PAM on my Solaris 8 machine. The Samba server
has been added to the domain as a member
server, and things, like getent passwd and group actually work and showing the
NT domain accounts .


Since its production machine  first I  want to enable winbind authentication
for rloing module. I made change in my /etc/pam.conf.  But I was not able to
login. Same configuration  works in Linux machine.

I am attaching my configuration files. please help me

Thanks
SR


$ rlogin techgroup+guest at 192.168.1.131
Password:
Login incorrect
rlogin: connection closed.


bash-2.03# ls /export/home/guest
bash-2.03#


 tail -f /var/adm/messages
Dec 10 09:26:03 pnet login[1622]: [ID 468494 auth.crit] login account failure:
No account present for user


bash-2.03#  /usr/local/samba/bin/wbinfo -t
Secret is good


***Versions:***
Solaris 8
Samba 2.2.7 compiled --with-pam --with-winbind

more /etc/nsswitch.conf

passwd:     files winbind
group:      files winbind


***smb.conf***

[global]
#   printing = bsd
#   printcap name = /etc/printcap
#   load printers = yes
   guest account = pcguest

    workgroup = TECHGROUP
    #security = Share
    security = DOMAIN
   ENCRYPT PASSWORDS = YES
   password server = enterprise
    hosts allow = localhost, pnet, 192.168.1.140, 192.168.1.
    hosts deny = All

    # use uids from 10000 to 20000 for domain users
    winbind uid = 10000-20000

    # use gids from 10000 to 20000 for domain groups
    winbind gid = 10000-20000

    # allow enumeration of winbind users and groups
    winbind enum users = yes
    winbind enum groups = yes

    # give winbind users a real shell (only needed if
    # they have telnet access)
    template homedir = /export/home/%U
    #template homedir = /home/%U
    template shell = /bin/bash
        winbind separator = +

        wins support = no
        wins server = 192.168.1.135
        name resolve order = hosts lmhosts  bcast


;  This next option sets a separate log file for each client. Remove
;  it if you want a combined log file.
        log file = /var/log/log.%m
        log level = 2


;  You will need a world readable lock directory and "share modes=yes"
;  if you want to support the file sharing modes for multiple users
;  of the same files
  lock directory = /usr/local/samba/var/locks
  share modes = yes

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mode = 0750

[printers]
   comment = All Printers
   browseable = no
   printable = yes
   public = no
   writable = no
   create mode = 0700

[share]
        path = /export/home/share
        comment = Solaris share
        guest ok = Yes
        read only = No


bash-2.03# more /etc/pam.conf
#
#ident  "@(#)pam.conf   1.14    99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
#

rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth sufficient /usr/lib/security/pam_winbind.so debug
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1  try_first_pass
#
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
#
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_p
ass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
-------------- next part --------------
HTML attachment scrubbed and removed