[Samba] pam_winbind succeeds but pam_unix fails !
McNally, Ian
Ian.McNally at racq.com.au
Fri Apr 30 02:47:08 GMT 2004
Hi, I am attempting to authenticate ssh access against users in active directory using winbind + pam . Unfortunately all they receive is "permission denied, please try again". A tail -f of /var/log/messages reveals :
Apr 30 12:32:41 HOST sshd(pam_unix)[3011]: check pass; user unknown
Apr 30 12:32:41 HOST sshd(pam_unix)[3011]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost.localdomain
Apr 30 12:32:41 HOST pam_winbind[3011]: Verify user `DOMAIN+bob'
Apr 30 12:32:42 HOST pam_winbind[3011]: user 'DOMAIN+bob' granted acces
The server users are sshing to is running samba 3.0.2 of Fedora core 1. as a domain member server. wbinfo and getent commands work correctly on the samba server, and chown files as active directory users works. I know I have missed something simple, but for the life of me, I can't find what it is
/etc/pam.d/sshd
auth required pam_stack.so service=system-auth
auth sufficient pam_winbind.so debug
account sufficient pam_stack.so service=system-auth
account sufficient pam_winbind.so debug
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
Please Note:
This communication has been sent on behalf of The Royal Automobile Club of
Queensland Limited (RACQ). The information contained in this communication
may be privileged and confidential. If you are not the intended recipient,
any use, disclosure or copying of this communication is expressly
prohibited. If you have received this communication in error, please delete
it immediately. RACQ and its associated entities do not warrant or
represent that this communication (including any enclosed files) is free
from electronic viruses, faults or defects.
If this is a commercial electronic message within the meaning of the Spam
Act(2003), you may indicate that you do not wish to receive any further
commercial electronic messages from RACQ by sending an e-mail to
unsubscribe at racq.com.au with your details or by contacting RACQ on 131905
More information about the samba
mailing list