[Samba] Cant Log Into Terminal Using Winbind

Joe Giles jgiles at joeman1.com
Tue Jul 9 15:39:19 GMT 2002


Ok, I put it in my sshd and login file like this

SSHD:

#%PAM-1.0
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

LOGIN:

#%PAM-1.0
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

(NOTE: There is a Line Wrap. The mkhomedir.so line in ONE line in the cfg file)

and Im getting this error in the secure log:

Jul  9 15:59:47 alblinux sshd[6580]: Accepted password for ALBDOMNT+username from 166.41.179.82 port 3017
Jul  9 15:59:47 alblinux sshd[6580]: fatal: PAM session setup failed[6]: Permission denied

Any Thoughts?

Thanks
Joe

> I don't think the template homedir creates the directory for you.
> 
> One option is to have to use PAM, I've never done that before but the
> module name is pam_mkhomedir.
> 
> You probably add something like:
> 
> session    required     /lib/security/pam_mkhomedir.so
> skel=/path/to/skel/files 
> 
> Let me know if it works.
> 
> Good Luck,
> 
> Josh
> 
> 
> -----Original Message-----
> From: Joe Giles [mailto:jgiles at joeman1.com]
> Sent: Tuesday, July 09, 2002 1:42 PM
> To: Konkol, Josh; 'Joe Giles'; samba at lists.samba.org
> Subject: RE: [Samba] Cant Log Into Terminal Using Winbind
> 
> 
> Actually, it is working now.. You are a god :)
> 
> But, How can I get it to create the template directories. I have it set in
> the smb.conf file like this:
> 
> template homedir = /home/winnt/%D/%U
> template shell = /bin/bash
>  
> But when I log it it says this:
> 
> Could not chdir to home directory /home/winnt/MCIDOMNT/username: No such
> file or directory
> bash-2.05a$
> 
> Thanks
> 
> Joe
> 
> > Move:
> > 
> > auth       sufficient   /lib/security/pam_winbind.so
> > 
> > to the top of the auth stack and it should work
> > Josh
> > 
> > -----Original Message-----
> > From: Joe Giles [mailto:jgiles at joeman1.com]
> > Sent: Tuesday, July 09, 2002 1:00 PM
> > To: samba at lists.samba.org
> > Subject: [Samba] Cant Log Into Terminal Using Winbind
> > 
> > 
> > List, 
> > 
> > I am unable to log into a terminal using Winbind service. I have the login
> > file correctly modifyed and nsswitch too. I have the 2.2.5 version of
> SAMBA
> > with the new winbind. SAMBA shares work great, so I think it is something
> > else. I get this error in the messages log:
> > 
> > Jul  9 11:46:01 alblinux sshd(pam_unix)[5463]: check pass; user unknown
> > Jul  9 11:46:01 alblinux sshd(pam_unix)[5463]: authentication failure;
> > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=...
> > Jul  9 11:46:01 alblinux pam_winbind[5463]: user 'MCIDOMNT+username'
> granted
> > acces
> > Jul  9 11:46:09 alblinux sshd(pam_unix)[5463]: check pass; user unknown
> > 
> > 
> > Here is the login file :
> > 
> > #%PAM-1.0
> > auth       required     /lib/security/pam_securetty.so
> > auth       required     /lib/security/pam_stack.so service=system-auth
> > auth       sufficient   /lib/security/pam_winbind.so
> > auth       required     /lib/security/pam_nologin.so
> > account    sufficient   /lib/security/pam_winbind.so
> > account    required     /lib/security/pam_stack.so service=system-auth
> > password   required     /lib/security/pam_stack.so service=system-auth
> > session    required     /lib/security/pam_stack.so service=system-auth
> > session    optional     /lib/security/pam_console.so
> > 
> > Any Help would be great. Also, all the .so files are inplace and correctly
> > linked. Again, SAMBA shars works great using domain access.
> > 
> > Joe Giles
> > jgiles at joeman1.com
> > AOL ID: mcigiles
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > 
> 
> 
> 
> Joe Giles
> jgiles at joeman1.com
> AOL ID: mcigiles
> 



Joe Giles
jgiles at joeman1.com
AOL ID: mcigiles




More information about the samba mailing list