[Samba] Winbind breaking my head ...

Jonathan Dean jon.dean at deanuk.net
Mon Sep 16 11:32:01 GMT 2002 

Looks like you've got a typo. See below:

At 12:28 16/09/2002 +0100, Ash Green wrote:

>Hi,
>
>I've been fighting with winbind for about 3 weeks now trying to get the 
>damn thing to work properly, and I'm within a gnat's whisker of getting it 
>going, but there's something I'm missing.  Please - has someone got 
>winbind working out there?!?!
>
>I'm running a RH 7.3, with the latest version of Samba from samba.org 
>installed, and the installation included the -with-winbind flag.
>
>I can retrieve user & group lists from my NT4 PDC, but when I try to 
>authenticate via wbinfo I get :
>
>[ash at LTSP ash]$ wbinfo -a DOMAIN+test%tester
>plaintext password authentication succeeded
>challenge/response password authentication failed
>Could not authenticate user DOMAIN+test%tester with challenge/response
>
>The contents of my login file (in /etc/pam.d) are :
>auth       required /lib/security/pam_securetty.so
>auth       required /lib/security/pam_nologin.so
>auth       sufficient   /lib/security/pam_winbind.so
>auth       suffieient   /lib/security/pam_unix.so shadow nullok 
>use_first_pass

Don't know whether this is just a typo in the email but in the line above 
you've got 'suffieient', surely this should be 'sufficient'.

>auth       required  ib/security/pam_stack.so service=system-auth.so
>account sufficient /lib/security/pam_winbind.so
>#account    required /lib/security/pam_stack.so service=system-auth
>password   required /lib/security/pam_stack.so service=system-auth
>session    required /lib/security/pam_stack.so service=system-auth
>session    optional /lib/security/pam_console.so
>
>The output from running /usr/sbin/winbindd -d 3 -I gives :
>
>[23640]: pam auth DOMAIN+test
>domain_client_validate: User passwords not in encrypted format.
>resolve_lmhosts: Attempting lmhosts lookup for name LATHOM<0x20>
>getlmhostsent: lmhost entry: 127.0.0.1 localhost
>resolve_hosts: Attempting host lookup for name LATHOM<0x20>
>Connecting to 10.79.24.2 at port 445
>error connecting to 10.79.24.2:445 (Connection refused)
>Connecting to 10.79.24.2 at port 139
>cli_net_req_chal: LSA Request Challenge from LATHOM to LTSP: 0F1C330505E2807F
>cred_session_key
>cred_create
>cli_net_auth2: srv:\\LATHOM acct:LTSP$ sc:2 mc: LTSP chal 616462812AF3EF3C 
>neg:
>1ff
>cred_create
>cred_assert
>cred_create
>cli_net_sam_logon_internal: srv:\\LATHOM mc:LTSP clnt 70CA14C59F5F73CF 
>3d85a543
>ll: 2
>cred_create
>cred_assert
>
>(I'm slightly worried about that first entry, as smb.conf has encrypted 
>passwords=yes 
)
>And (nearly done) the dump in the messages file gives me :
>Sep 16 09:43:29 LTSP pam_winbind[23713]: user 'DOMAIN+test' granted access
>Sep 16 09:43:29 LTSP login[23713]: Permission denied
>
>It seems as though the winbind part is working fine, but some of the 
>following modules are forcing it to reject the login.  I've toyed with 
>using the 'optional' flags on the pam_stack and pam_unix.so auth 
>statements, but just succeeded in locking myself out.
>
>Any ideas?  I've got this demon lab that's working ace, but can't let the 
>kids onto it yet as I've no time to manage 2 sets of login details.
>
>The only other thought I had at the end of last week was whether my PDC 
>was supporting challenge/response - although I am led to believe that this 
>is the default for NT.  I've double checked and this seems to be working fine.
>
>Any ideas?
>
>Cheers,
>
>Ash
>
>*************
>Ash Green
>ICT Project Development Co-ordinator
>Lathom High School
>Glenburn Road
>Skelmersdale
>WN8 6JN
>01695.725653
>*************

---
Jonathan Dean
jon.dean at deanuk.net     www.jondean.com

Dept. Computer Science, University of Exeter, UK.
j.s.dean at ex.ac.uk     www.dcs.ex.ac.uk

Network Manager, Dean UK Networks.
root at deanuk.net     www.deanuk.net
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba mailing list