[Samba] PAM problem with Samba and Winbind (on Solaris 2.8)
Hsu, Cheng (Consultant)
CHsu at us.nomura.com
Tue Dec 24 17:15:09 GMT 2002
I am having a problem getting samba and winbind to work correctly.
I installed Samba 2.2.7a (which includes Winbind, because I compiled the
source code with "./configure --with-winbind" ) on a Solaris 2.8 server.
On solaris 2.8 server, I joined a PDC successfully, and I can see all unix
and PDC user accounts using:
/usr/local/samba/bin/wbinfo -u
and, I can see all unix and PDC groups using:
/usr/local/samba/bin/wbinfo -g
and, I can see my own NT account using "getent", as:
./getent passwd chsu
the output is:
chsu:x:80235:80000:Cheng Hsu:/home/CORP/chsu:/bin/sh
This means winbind is able to see my NT account. But I cannot
see the encrypted password even when I executed the command as
root on Solaris 2.8. (Is this normal?)
And, on the solaris 2.8 server, I login as root, I can do "su - chsu",
and it does place me into my home dir /home/CORP/chsu.
I tried to verify if I can login to Solaris box using my NT account by
doing a "telnet localhost" on the Solaris box. The system just
won't let me login (after I entered my login and password).
I guess this must be related to the PAM configuration.
I put only two lines in /etc/pam.conf, one in the "login" section,
and the other in the "rlogin" section. Is this correct ?
----------------------------------------------------------------------------
-----------------
#ident "@(#)pam.conf 1.19 95/11/30 SMI"
#
# PAM configuration
#
# Authentication management
#
login auth sufficient /usr/lib/security/pam_winbind.so debug
login auth required /usr/lib/security/pam_unix.so.1
login auth required /usr/lib/security/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/pam_winbind.so debug
rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/pam_unix.so.1
----------------------------------------------------------------------------
-------------
According to Solaris 2.8 man pages on "pam.conf", the "sufficent" means
if I can get authenticated in /usr/lib/security/pam_winbind.so debug,
then I will be able to get in. Is this correct ?
My simple question is --
Solaris 2.8 knows my NT account through Samba and Winbind,
why can't I login ?
One thing that worth mentioning, when I compiled the
pam_winbind.so library using "make nsswitch/pam_winbind.so",
I did see some warning messages.
Cheng Hsu
----- This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please delete it and all copies from your
system, destroy any hard copies and notify the sender. You must not,
directly or indirectly, use, disclose, distribute, print, or copy any part
of this message if you are not the intended recipient. Nomura Holding
America Inc., Nomura Securities International, Inc, and their respective
subsidiaries each reserve the right to monitor all e-mail communications
through its networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the sender
is authorized to state the views of such entity. Unless otherwise stated,
any pricing information in this message is indicative only, is subject to
change and does not constitute an offer to deal at any price quoted. Any
reference to the terms of executed transactions should be treated as
preliminary only and subject to our formal written confirmation.
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba
mailing list