[Samba] Problem with Winbind, logging straight out

Miles Roper mroper at westcoastdhb.org.nz
Tue Oct 15 04:07:05 GMT 2002


Hi All,

I'm trying to get winbind working on a HP-UX 11.0 Box, running Samba 2.5.

It seems to be working, except that when I log into the machine with

DOMAIN+user, ie BLAR+fred

it disconnects the session,

here is the last part of the log report

    0298 auth_resp   : 23baed01
    029c status      : NT_STATUS_OK
Plain-text authenticaion for user WESTCOASTDHB+mroper returned NT_STATUS_OK
(PA)
client_write: wrote 1300 bytes.
read failed on sock 11, pid 6607: EOF


My config file is



[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = WESTCOASTDHB

# server string is the equivalent of the NT Description field
   server string = Samba Server

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /usr/local/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# Security mode. Most people will want user level security. See
# security_level.txt for details.
#   security = domain
   security = server
# Use password server option only with security = server or domain
#   password server = *
   password server = coastdb

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

   username map = /usr/local/samba/lib/users.map

   read only = no
   preserve case = yes
   short preserve case = no
   dos filetime resolution = yes
   syslog = 0

# specify the uid range which can be used by winbindd
# to allocate uids for Windows users as necessary
 winbind uid = 10000-65000

# specify the uid range which can be used by winbindd
# to allocate uids for Windows users as necessary
 winbind gid = 10000-65000

# Define a home directory to be given to passwd(5) style entries
# generated by libnss_winbind.so.  You can use variables here
 template homedir = /home/%U

# Specify a shell for all winbind user entries return by the
# libnss_winbind.so library.
 template shell = /usr/bin/sh

# What character should be used to separate the DOMAIN and Username
# for a Windows user.  The default is DOMAIN\user, but many people
# prefer DOMAIN+user
 winbind separator = +

#============================ Share Definitions
==============================
[homes]
   comment = Home Directories
   browseable = yes
   valid users = lonnie, mroper, cgilmore, CHAMPION, MBELL, mhiggs

# This one is useful for people to share files
[tmp]
   path = /tmp
   valid users = lonnie, mroper, cgilmore


my /etc/pam.conf file is


# Account Management
#
dtaction account  required  /usr/lib/security/libpam_unix.1
dtlogin  account  required  /usr/lib/security/libpam_unix.1
ftp      account  required  /usr/lib/security/libpam_unix.1
login    account  sufficient  /usr/lib/security/libpam_unix.1
login    account  sufficient  /usr/lib/security/pam_winbind.so
su       account  required  /usr/lib/security/libpam_unix.1
OTHER    account  required  /usr/lib/security/libpam_unix.1
#
# Authentication Management
#
dtaction auth  required  /usr/lib/security/libpam_unix.1
dtlogin  auth  required  /usr/lib/security/libpam_unix.1
ftp      auth  required  /usr/lib/security/libpam_unix.1
login    auth  sufficient  /usr/lib/security/libpam_unix.1
login    auth  sufficient  /usr/lib/security/pam_winbind.so
su       auth  required  /usr/lib/security/libpam_unix.1
OTHER    auth  required  /usr/lib/security/libpam_unix.1
#
# Password Management
#
dtaction  password  required  /usr/lib/security/libpam_unix.1
dtlogin   password  required  /usr/lib/security/libpam_unix.1
login     password  sufficient  /usr/lib/security/libpam_unix.1
login     password  sufficient  /usr/lib/security/pam_winbind.so
passwd    password  required  /usr/lib/security/libpam_unix.1
passwd    password  required  /usr/lib/security/pam_winbind.so
OTHER     password  required  /usr/lib/security/libpam_unix.1
#
# Session Management
#
dtaction session  required  /usr/lib/security/libpam_unix.1
dtlogin  session  required  /usr/lib/security/libpam_unix.1
login    session  sufficient  /usr/lib/security/libpam_unix.1
login    session  sufficient  /usr/lib/security/pam_winbind.so
OTHER    session  required  /usr/lib/security/libpam_unix.1


/etc/nsswitch.conf

hosts: dns     [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files
[N
OTFOUND=return UNAVAIL=continue TRYAGAIN=return]
passwd: files winbind
group: files winbind



Ideas?

Cheers

Miles 



More information about the samba mailing list