[Samba] pam_winbind succeeds but pam_unix fails !

McNally, Ian Ian.McNally at racq.com.au
Fri Apr 30 02:47:08 GMT 2004

Hi, I am attempting to authenticate ssh access against users in active directory using winbind + pam . Unfortunately all they receive is "permission denied, please try again". A tail -f of /var/log/messages reveals :

Apr 30 12:32:41 HOST sshd(pam_unix)[3011]: check pass; user unknown
Apr 30 12:32:41 HOST sshd(pam_unix)[3011]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost.localdomain 
Apr 30 12:32:41 HOST pam_winbind[3011]: Verify user `DOMAIN+bob'
Apr 30 12:32:42 HOST pam_winbind[3011]: user 'DOMAIN+bob' granted acces

The server users are sshing to is running samba 3.0.2 of Fedora core 1. as a domain member server. wbinfo and getent commands work correctly on the samba server, and chown files as active directory users works. I know I have missed something simple, but for the life of me, I can't find what it is


auth       required     pam_stack.so service=system-auth
auth       sufficient   pam_winbind.so debug
account    sufficient   pam_stack.so service=system-auth
account    sufficient   pam_winbind.so debug
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so


Please Note:

This communication has been sent on behalf of The Royal Automobile Club of
Queensland Limited (RACQ).  The information contained in this communication
may be privileged and confidential.  If you are not the intended recipient,
any use, disclosure or copying of this communication is expressly
prohibited.  If you have received this communication in error, please delete
it immediately.  RACQ and its associated entities do not warrant or
represent that this communication (including any enclosed files) is free
from electronic viruses, faults or defects.

If this is a commercial electronic message within the meaning of the Spam 
Act(2003), you may indicate that you do not wish to receive any further 
commercial electronic messages from RACQ by sending an e-mail to 
unsubscribe at racq.com.au with your details or by contacting RACQ on 131905

More information about the samba mailing list