[Samba] Winbind Problems

Joe Giles jgiles at joeman1.com
Tue Jun 25 10:26:02 GMT 2002


List,

I am new to this list, so please forgive me if this has been mulched over several thousand times. Here is my issues.


1> When doing a getent passwd or group, sometimes it works, some times it doesnt. Meaning, when I issue these commands, sometimes is lists the Domain info and sometimes it just lists the local unix info. This might be a contributing issues for the next problem.

2> I can use winbind info for shares and such, but when I use the PAM_WINBIND.SO to try and authenticate domain users for SSH access, I get an access denied. This is some output from the messages log file...

Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: check pass; user unknown
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:34:53 alblinux pam_winbind[1564]: user 'DOMAIN+username' granted acces
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:36:48 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:53 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:53 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:59 alblinux sshd(pam_unix)[1574]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= 
Jun 25 10:37:23 alblinux pam_winbind[1056]: user 'DOMAIN+username' granted acces
Jun 25 10:37:25 alblinux login[1056]: FAILED LOGIN 1 FROM (null) FOR DOMAIN+username, Authentication failure
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= 
Jun 25 10:37:36 alblinux pam_winbind[1056]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Jun 25 10:37:36 alblinux pam_winbind[1056]: internal module error (retval = 4, user = `nt username'
Jun 25 10:37:39 alblinux login[1056]: FAILED LOGIN 2 FROM (null) FOR nt username, Authentication failure
Jun 25 10:39:48 alblinux sshd: sshd -TERM succeeded
Jun 25 10:39:48 alblinux sshd:  succeeded
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: check pass; user unknown
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:40:00 alblinux pam_winbind[1605]: user 'DOMAIN+username' granted acces
Jun 25 10:41:23 alblinux samba(pam_unix)[1625]: session opened for user DOMAIN+username by (uid=0)
Jun 25 10:43:27 alblinux su(pam_unix)[1169]: session closed for user root
Jun 25 10:43:29 alblinux sshd(pam_unix)[1065]: session closed for user 'unix username'

Here is my smb.conf file.

[global]
        smb passwd file = /etc/samba/smbpasswd
        wins server = 'wins ip adrress
        passwd program = /usr/bin/passwd %u
        pam password change = yes
        printing = lprng
        dns proxy = no
        encrypt passwords = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        max log size = 0
        preferred master = no
        password server = ALBPDC01
        obey pam restrictions = yes
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        security = domain
        unix password sync = Yes
        server string = ALBLINUX_Samba Server
        workgroup = ALBDOMNT
        netbios name = alblinux
        log file = /var/log/samba/%m.log
        load printers = yes
        os level = 33
     # separate domain and username with '+', like DOMAIN+username
     winbind separator = +
     # use uids from 10000 to 20000 for domain users
     winbind uid = 10000-20000
     # use gids from 10000 to 20000 for domain groups
     winbind gid = 10000-20000
     # allow enumeration of winbind users and groups
     # might need to disable these next two for performance
     # reasons on the winbindd host
     winbind enum users = no
     winbind enum groups = no
     # give winbind users a real shell (only needed if they have               telnet/sshd/etc... access)
     template homedir = /home/winnt/%D/%U
     template shell = /bin/bash


here is my pam.d login and ssh config files

Login: 
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

SSHD:
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so


Hope someone can help... 

Thanks In Advance.

Joe Giles
jgiles at joeman1.com
AOL ID: mcigiles




More information about the samba mailing list