[Samba] PAM problem with Samba and Winbind (on Solaris 2.8)

Hsu, Cheng (Consultant) CHsu at us.nomura.com
Tue Dec 24 17:15:09 GMT 2002

I am having a problem getting samba and winbind to work correctly.

I installed Samba 2.2.7a  (which includes Winbind, because I compiled the 
source code with  "./configure   --with-winbind" ) on a Solaris 2.8 server.

On solaris 2.8 server, I joined a PDC successfully, and I can see all unix 
and PDC user accounts using:

	/usr/local/samba/bin/wbinfo -u

and, I can see all unix and PDC groups using:

	/usr/local/samba/bin/wbinfo -g

and, I can see my own NT account using "getent", as:

./getent passwd chsu

the output is:

chsu:x:80235:80000:Cheng Hsu:/home/CORP/chsu:/bin/sh

This means winbind is able to see my NT account.  But I cannot
see the encrypted password even when I executed the command as 
root on Solaris 2.8.  (Is this normal?)

And, on the solaris 2.8 server, I login as root,  I can do "su - chsu",
and it does place me into my home dir /home/CORP/chsu.

I tried to verify if I can login to Solaris box using my NT account by
doing a "telnet localhost" on the Solaris box.   The system just
won't let me login (after I entered my login and password).    
I guess this must be related to the PAM configuration.
I put only two lines in /etc/pam.conf, one in the "login" section,
and the other in the "rlogin" section.    Is this correct ?

#ident  "@(#)pam.conf 1.19     95/11/30 SMI"
# PAM configuration
# Authentication management
login   auth sufficient /usr/lib/security/pam_winbind.so debug
login   auth required   /usr/lib/security/pam_unix.so.1
login   auth required   /usr/lib/security/pam_dial_auth.so.1
rlogin   auth sufficient /usr/lib/security/pam_winbind.so debug
rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/pam_unix.so.1

According to Solaris 2.8 man pages on "pam.conf", the "sufficent" means
if I can get authenticated in /usr/lib/security/pam_winbind.so debug,
then I will be able to get in.   Is this correct ?

My simple question is --
  Solaris 2.8 knows my NT account through Samba and Winbind,
  why can't I login ?

One thing that worth mentioning, when I compiled the 
pam_winbind.so library using "make nsswitch/pam_winbind.so",
I did see some warning messages.

Cheng Hsu
-----  This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please delete it and all copies from your
system, destroy any hard copies and notify the sender. You must not,
directly or indirectly, use, disclose, distribute, print, or copy any part
of this message if you are not the intended recipient. Nomura Holding
America Inc., Nomura Securities International, Inc, and their respective
subsidiaries each reserve the right to monitor all e-mail communications
through its networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the sender
is authorized to state the views of such entity. Unless otherwise stated,
any pricing information in this message is indicative only, is subject to
change and does not constitute an offer to deal at any price quoted. Any
reference to the terms of executed transactions should be treated as
preliminary only and subject to our formal written confirmation.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba mailing list