[Samba] Help with Winbind

Aaron Bennett aaron.bennett at olin.edu
Wed Feb 19 21:51:07 GMT 2003 

For debugging purposes, put the machine in console mode (init 4 or 
whatever, just kill kdm/xdm/kdm), and modify /etc/pam.d/login as 
directed in the Howto.  Login is much simpler then gdm, so you don't 
have to worry about multiple levels of pam stuf.

best luck,

Aaron Bennett
UNIX Administrator
Franklin W. Olin College of Engineering

Khanh Tran wrote:
> OK, so I added the lines to /etc/pam.d/gdm file.  It's not a big deal for me
> to re-install RH on this box, so I didn't bother with the telnet test.
> 
> Anyway, I put in my username and password, and get this error:
> Feb 19 14:33:31 Martyr gdm(pam_unix)[835]: authentication failure; logname=
> uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost
> 
> But RH doesn't return to the username prompt, it asks for the password
> again, so I enter the same password again, and get: 
> Feb 19 14:33:45 Martyr pam_winbind[835]: user 'ADMIN+khanh' granted acces
> Feb 19 14:33:45 Martyr gdm(pam_unix)[835]: check pass; user unknown
> Feb 19 14:33:48 Martyr gdm-binary[835]: Couldn't authenticate user
> Feb 19 14:33:48 Martyr gdm(pam_unix)[835]: 1 more authentication failure;
> logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost
> 
> I'm guessing from the error that the box is trying to authenticate the user
> to the local passwd file?  Anyway, thanks again for the help, but any more
> ideas?
> 
> Khanh Tran
> Network Operations
> Sarah Lawrence College
> 
> 
> -----Original Message-----
> From: bin wen [mailto:wen_bin at yahoo.com]
> Sent: Wednesday, February 19, 2003 2:24 PM
> To: Khanh Tran; 'samba at lists.samba.org'
> Subject: RE: [Samba] Help with Winbind
> 
> 
> Looks like you are login through GDM, so you probably
> have to change the /etc/pam/gdm file too. Before you
> do that, you may want to just do a telnet to the RH
> see what happens.
> --- Khanh Tran <khanh at slc.edu> wrote:
> 
>>I changed the pam conf per the 12.5.3.6 section. 
>>Here's what I've got:
>>
>>pam.d/login:
>>#%PAM-1.0
>>auth       required    
>>/lib/security/pam_securetty.so
>>auth       sufficient   /lib/security/pam_winbind.so
>>auth       sufficient   /lib/security/pam_unix.so
>>use_first_pass
>>auth       required     /lib/security/pam_stack.so
>>service=system-auth
>>auth       required     /lib/security/pam_nologin.so
>>account    sufficient   /lib/security/pam_winbind.so
>>account    required     /lib/security/pam_stack.so
>>service=system-auth
>>password   required     /lib/security/pam_stack.so
>>service=system-auth
>>session    required     /lib/security/pam_stack.so
>>service=system-auth
>>session    optional     /lib/security/pam_console.so
>>
>>Khanh Tran
>>Network Operations
>>Sarah Lawrence College
>>
>>
>>-----Original Message-----
>>From: bin wen [mailto:wen_bin at yahoo.com]
>>Sent: Wednesday, February 19, 2003 1:58 PM
>>To: Khanh Tran; 'samba at lists.samba.org'
>>Subject: Re: [Samba] Help with Winbind
>>
>>
>>From your log file, it looks like the RH still uses
>>the pam_unix module to authenticate. Have you
>>changed
>>the pam configuration to use winbindd following the
>>isntruction in section 12.5.3.6 ?
>>--- Khanh Tran <khanh at slc.edu> wrote:
>>
>>>I've been trying for weeks to get winbind working
>>>with RedHat Linux 8.0.
>>>I've got everything setup per the winbind docs on
>>>
>>
> http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND.
> 
>>> 
>>>
>>>I've successfully joined my NT4 domain with
>>>smbpasswd -j DOMAIN -r PDC -U
>>>Administrator.  Running wbinfo -u returns my
>>
>>domain
>>
>>>user list, as well as
>>>wbinfo -g returning my domain groups.  getent
>>
>>passwd
>>
>>>returns the domain user
>>>list in the passwd format, and getent group does
>>
>>the
>>
>>>same.  I've then set up
>>>my /etc/pam.d/login to match the one on the HOWTO.
>>>
>>>The problem is that when I go to login (username:
>>>DOMAIN+user), the
>>>workstation won't log me in.  My messages log
>>>returns only:
>>>
>>>Feb 19 13:20:46 Martyr gdm(pam_unix)[835]: check
>>>pass; user unknown
>>>Feb 19 13:20:46 Martyr gdm(pam_unix)[835]:
>>>authentication failure; logname=
>>>uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost 
>>>Feb 19 13:20:47 Martyr gdm-binary[835]: Couldn't
>>>authenticate user
>>>
>>>Any help is greatly appreciated, and thanks in
>>>advance!
>>>
>>>Khanh Tran
>>>Network Operations
>>>Sarah Lawrence College
>>>
>>>-- 
>>>To unsubscribe from this list go to the following
>>>URL and read the
>>>instructions: 
>>
>>http://lists.samba.org/mailman/listinfo/samba
>>
>>
>>__________________________________________________
>>Do you Yahoo!?
>>Yahoo! Shopping - Send Flowers for Valentine's Day
>>http://shopping.yahoo.com
>>
> 
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Shopping - Send Flowers for Valentine's Day
> http://shopping.yahoo.com
>

More information about the samba mailing list