[Samba] Auth. Failing... Update - NSSwitch

Esh, Andrew AEsh at tricord.com
Thu Feb 14 07:05:28 GMT 2002

Yes. Try checking the PAM setup. I have to assume when you say that you
can't log in via something obvious like telnet, you mean that Windows users
can't log in. If your Unix users can't telnet in, you have bigger problems.

The PAM stack is what controls the logging in of Windows users to Unix
services like telnet. There is a document which describes the installation
of winbindd, and getting it to join a domain. When I first did that, I found
some instructions which helped me get the PAM authentication module working.
Soon afterward, I discovered that PAM isn't part of what I need, so I
removed it. This is why I'm not familiar enough with the PAM setup to step
you through it; I had it working once, but not since then.

-----Original Message-----
From: Helt, John [mailto:JHelt at scrippsnetworks.com]
Sent: Thursday, February 14, 2002 5:14 AM
To: 'Esh, Andrew'; samba at lists.samba.org
Subject: RE: [Samba] Auth. Failing... Update - NSSwitch

Thank you Andrew, you pointed me in the right direction.  Part of what I m
doing to try to get Netatalk to authenticate through Winbind was the

4) to install Winbind files:
cp nsswitch/libnss_winbind.so /lib
# this is the major one - solaris nss is different to linux.
ln -s libnss_winbind.so nss_winbind.so.1
cp nsswitch/pam_winbind.so /lib/security
Once I deleted /lib/libnss_winbind.so & nss_winbind.so.1 I can access the
samba share again from a PC.  I still have no luck with Netatalk, or
anything else Unix related using Winbint (telnet, ftp, etc...)


John Helt 
Systems Administrator 
Scripps Networks 
-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Wednesday, February 13, 2002 3:02 PM
To: 'Gerald Carter'; Helt, John
Cc: 'samba at lists.samba.org'; Esh, Andrew
Subject: RE: [Samba] Authentication failing

The wbinfo success shows that winbind is mostly operative. The only other
test I do on winbind is "getent passwd", to make sure the libnss interface
is feeding NSS with the right passwd entries. If the output from that
command contains Windows users, then winbind is operating properly for NSS.
The next thing I'd look at after that is the PAM stack. Maybe the checking
isn't getting as far as netatalk, or winbind? Since I don't use PAM, I can't
help with that. I had PAM working with an earlier version of Samba, so I
know it can be done, but I haven't used it in months.
-----Original Message----- 
From: Gerald Carter [mailto:jerry at samba.org] 
Sent: Wednesday, February 13, 2002 1:42 PM 
To: Helt, John 
Cc: 'samba at lists.samba.org'; aesh at tricord.com 
Subject: Re: [Samba] Authentication failing 

On Wed, 13 Feb 2002, Helt, John wrote: 
> OK, this is becoming frustrating... 
> I had samba 2.2.3a working on Solaris 8.  I could get to the share fine
> my NY login/password (format {domain}\password}  I was trying to get 
> Netatalk to authenticate via Winbindd.  I re-compiled Samba (new ./config 
> --with-pam --with-pam-smbpass --with-winbind and added --with-acl-support.

> wbinfo -u and wbinfo -g work fine 
> Now, I can no longer map the drive.  My smb.conf is still the same.  I 
> removed and re-added to the domain, but no success.  
> log.smbd is as follows: 
> kwsn99# more  /opt/local/samba/var/log.smbd 
> [2002/02/13 13:12:53, 0] smbd/server.c:main(698) 
>   smbd version 2.2.3a started. 
>   Copyright Andrew Tridgell and the Samba Team 1992-2002 
> [2002/02/13 13:22:40, 0] 
> rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40 
> 6) 
>   cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD 
This may be an unconfirmed bug in Samba 2.2.3a.  My suggestion is 
to try with 2.2.2 until we can resolve (or discount) any 
2.2.3a bugs. 

cheers, jerry 
 Hewlett-Packard                                     http://www.hp.com 
 SAMBA Team                                       http://www.samba.org 
 --                                            http://www.plainjoe.org 
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2 
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- 
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba mailing list