[Samba] Authenticating against a Windows 2000 DC?

Andrew Bartlett abartlet at samba.org
Mon Jan 6 07:59:00 GMT 2003


On Sun, 2003-01-05 at 14:38, Chris Palmer wrote:
> Here is some additional information from my /var/log/messages:
> 
> ===
> Jan  4 19:04:07 dev winbind: winbindd startup succeeded
> Jan  4 19:04:08 dev smb: smbd startup succeeded
> Jan  4 19:04:09 dev smb: nmbd startup succeeded
> Jan  4 19:08:22 dev sshd(pam_unix)[935]: session opened for user chris by (uid=0)
> Jan  4 19:08:41 dev pam_winbind[978]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:08:41 dev pam_winbind[978]: internal module error (retval = 4, user = `root'
> Jan  4 19:09:05 dev pam_winbind[980]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:09:05 dev pam_winbind[980]: internal module error (retval = 4, user = `root'
> Jan  4 19:09:21 dev pam_winbind[983]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:09:21 dev pam_winbind[983]: internal module error (retval = 4, user = `zzzz bibble'
> Jan  4 19:09:21 dev PAM_pwdb[983]: check pass; user unknown
> Jan  4 19:09:42 dev su(pam_unix)[984]: session opened for user root by chris(uid=500)
> Jan  4 19:10:08 dev pam_winbind[1038]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:10:08 dev pam_winbind[1038]: internal module error (retval = 4, user = `zzzz bibble'
> Jan  4 19:10:08 dev PAM_pwdb[1038]: check pass; user unknown
> Jan  4 19:10:11 dev pam_winbind[1040]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:10:11 dev pam_winbind[1040]: internal module error (retval = 4, user =
>  `zzzz bibble'
> Jan  4 19:10:11 dev PAM_pwdb[1040]: check pass; user unknown
> Jan  4 19:10:22 dev smb: smbd shutdown succeeded
> Jan  4 19:10:22 dev smb: nmbd shutdown succeeded
> Jan  4 19:10:22 dev smb: smbd startup succeeded
> Jan  4 19:10:22 dev smb: nmbd startup succeeded
> Jan  4 19:10:26 dev winbind: winbindd shutdown succeeded
> Jan  4 19:10:26 dev winbind: winbindd startup succeeded
> Jan  4 19:10:42 dev pam_winbind[1098]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:10:42 dev pam_winbind[1098]: internal module error (retval = 4, user =  `zzzz bibble'
> Jan  4 19:10:42 dev PAM_pwdb[1098]: check pass; user unknown
> Jan  4 19:10:55 dev pam_winbind[1100]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:10:55 dev pam_winbind[1100]: internal module error (retval = 4, user =
>  `root'
> Jan  4 19:14:51 dev pam_winbind[1124]: user 'chris' granted acces
> Jan  4 19:14:51 dev samba(pam_unix)[1124]: session opened for user chris by (uid=0)
> Jan  4 19:27:18 dev pam_winbind[1182]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  4 19:27:18 dev pam_winbind[1182]: internal module error (retval = 4, user =
>  `root'
> ===
> 
> I did not enter "zzzz bibble" as my user name, and yet that's what the log shows. "internal module error" sure sounds bad, but I don't know what it means.

Both are features of Samba 2.2.  The first is a hack to avoid some nasty
'remote username guessing' attacks against SWAT.  Don't worry about
them.

The 'internal module error' is just because the old pam_winbind code was
very simple.  It's not relevent here, as long as your configuration
still allows the 'old' PAM modules to authorize the login.  Look at what
you changed in the PAM file, and make sure you only add new 'sufficient'
entries, instead of removing other lines.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030106/0eb13bf0/attachment.bin


More information about the samba mailing list