[Samba] Winbind Problems
Joe Giles
jgiles at joeman1.com
Tue Jun 25 10:26:02 GMT 2002
List,
I am new to this list, so please forgive me if this has been mulched over several thousand times. Here is my issues.
1> When doing a getent passwd or group, sometimes it works, some times it doesnt. Meaning, when I issue these commands, sometimes is lists the Domain info and sometimes it just lists the local unix info. This might be a contributing issues for the next problem.
2> I can use winbind info for shares and such, but when I use the PAM_WINBIND.SO to try and authenticate domain users for SSH access, I get an access denied. This is some output from the messages log file...
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: check pass; user unknown
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:34:53 alblinux pam_winbind[1564]: user 'DOMAIN+username' granted acces
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:36:48 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:53 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:53 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:59 alblinux sshd(pam_unix)[1574]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 25 10:37:23 alblinux pam_winbind[1056]: user 'DOMAIN+username' granted acces
Jun 25 10:37:25 alblinux login[1056]: FAILED LOGIN 1 FROM (null) FOR DOMAIN+username, Authentication failure
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 25 10:37:36 alblinux pam_winbind[1056]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Jun 25 10:37:36 alblinux pam_winbind[1056]: internal module error (retval = 4, user = `nt username'
Jun 25 10:37:39 alblinux login[1056]: FAILED LOGIN 2 FROM (null) FOR nt username, Authentication failure
Jun 25 10:39:48 alblinux sshd: sshd -TERM succeeded
Jun 25 10:39:48 alblinux sshd: succeeded
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: check pass; user unknown
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:40:00 alblinux pam_winbind[1605]: user 'DOMAIN+username' granted acces
Jun 25 10:41:23 alblinux samba(pam_unix)[1625]: session opened for user DOMAIN+username by (uid=0)
Jun 25 10:43:27 alblinux su(pam_unix)[1169]: session closed for user root
Jun 25 10:43:29 alblinux sshd(pam_unix)[1065]: session closed for user 'unix username'
Here is my smb.conf file.
[global]
smb passwd file = /etc/samba/smbpasswd
wins server = 'wins ip adrress
passwd program = /usr/bin/passwd %u
pam password change = yes
printing = lprng
dns proxy = no
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
max log size = 0
preferred master = no
password server = ALBPDC01
obey pam restrictions = yes
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
security = domain
unix password sync = Yes
server string = ALBLINUX_Samba Server
workgroup = ALBDOMNT
netbios name = alblinux
log file = /var/log/samba/%m.log
load printers = yes
os level = 33
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
# might need to disable these next two for performance
# reasons on the winbindd host
winbind enum users = no
winbind enum groups = no
# give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
here is my pam.d login and ssh config files
Login:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
SSHD:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
Hope someone can help...
Thanks In Advance.
Joe Giles
jgiles at joeman1.com
AOL ID: mcigiles
More information about the samba
mailing list