[Samba] ODD PAM ERROR

Thu Nov 13 16:01:40 GMT 2003

That did it, thanks much!

John H Terpstra wrote:

>On Wed, 12 Nov 2003, Brandon Lederer wrote:
>
>  
>
>>I Have a "nobody" account.  However I didn't have that line in there, or
>>rather it was commented out.  So, I uncommented it, restarted samba and
>>winbind to no avail.  No luck with the magic crystal this time.  So that
>>we have a clear distinct crystal, I will paste my smb.conf file.  My bad.
>>Comments removed.
>>    
>>
>
>Ok. Much better info this time! :)
>
>You are configured to be a domain member, therefor you do not need tdbsam.
>Also, since you are not doing local authentication you should not specify
>"obey pam restrictions". Both "password chat" and "passwd bprogram" are
>not relevant for a Domain Member.
>
>So, comment out the lines above and it should work.
>
>Cheers,
>John T.
>
>
>  
>
>>[global]
>>   workgroup = HMS
>>   server string = %h server (Samba %v)
>>   dns proxy = no
>>   log file = /var/log/samba/log.%m
>>   max log size = 1000
>>   syslog = 0
>>   panic action = /usr/share/samba/panic-action %d
>>   security = domain
>>   encrypt passwords = true
>>   passdb backend = tdbsam guest
>>   obey pam restrictions = yes
>>   guest account = nobody
>>   invalid users = root
>>   passwd program = /usr/bin/passwd %u
>>   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>>*Retype\snew\sUNIX\spassword:* %n\n .
>>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>   idmap uid = 10000-20000
>>   idmap gid = 10000-20000
>>   template shell = /bin/false
>>   winbind separator = +
>>
>>[data]
>>        path = /data
>>        public = yes
>>
>>
>>John H Terpstra wrote:
>>
>>    
>>
>>>On Fri, 7 Nov 2003, Brandon Lederer wrote:
>>>
>>>
>>>
>>>      
>>>
>>>>I have set up winbind, made the nsswitch settings, joined the current NT
>>>>Domain, got back the message that said "Welcome to Domain".  When I try
>>>>to access the PC, it brings up IPC$ and wants a password.  The log for
>>>>that workstation says "PAM:  UNKNOWN PAM ERROR (9) during Account
>>>>Management for User:  Domain+USERNAME!"  Then it says "PAM: Account
>>>>Validation Failed - Rejecting User Domain+USERNAME!"
>>>>
>>>>Does anyone have any helpful ideas?
>>>>
>>>>
>>>>        
>>>>
>>>Brandon,
>>>
>>>You are asking us to exercise our worn-out crystal balls by not providing
>>>your smb.conf file, so here goes:
>>>
>>>My guess is that your UNIX system does NOT have an account called
>>>"nobody". I guess also that given that your system does not have a nobody
>>>account, you also do not have the following entry in your smb.conf file
>>>[globals] section:
>>>
>>>	guest account = 'a_valid_unix_account'
>>>
>>>So let me know, did my crystal ball work this time. Dang, it's been so
>>>unreliable lately! :)
>>>
>>>- John T.
>>>
>>>
>>>      
>>>
>>    
>>
>
>  
>

-- 
Brandon Lederer
Linux Administrator
Cashflow Billing Solutions
(402) 898-2600 x334

**********CONFIDENTIALITY STATEMENT**********
This e-mail (including attachments) is covered by the Electronic 
Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may 
be legally privileged.  It is intended for the use of the individual or 
entity to which it is addressed and may contain information that is 
privileged, confidential, and exempt from disclosure under applicable 
law.  If the reader of this email is not the intended recipient, or 
agent responsible for delivering or copying of this communication, you 
are hereby notified that any retention, dissemination, distribution, or 
copying of this communication is strictly prohibited.  If you have 
received this communication in error, please reply to the sender that 
you have received the message in error, then delete it.  Thank you.