[Samba] need help with winbind, pam and samba

[Stefan Sabolowitsch]

Hi all,

happy christmas,

need help with winbind, pam and samba.

I have here a RHEL clone with Samba 3.09.
Winbind goes so far and wbinfo - u / -g / -t is successful.

Which does not function is Winbind and pam.
As soon as a Windows PC wants to access a share,
i get the following error message in the Samba log file.

	[2004/12/27 11:54:34, 0]
auth/auth_util.c:make_server_info_info3(1134)
	  make_server_info_info3: pdb_init_sam failed!

Which are the correct parameters for pam the files?


I have the following files to info:

	nsswitch.conf

	passwd:     files winbind
	shadow:     files winbind
	group:      files winbind

	pam.d / samba

	#%PAM-1.0
	auth       required	pam_nologin.so
	auth       required	pam_stack.so service=system-auth
	auth       required	pam_winbind.so
	account    required	pam_winbind.so
	account    required	pam_stack.so service=system-auth
	session    required	pam_mkhomedir.so skel=/etc/skel umask=0022
	session    required	pam_stack.so service=system-auth
	password   required	pam_stack.so service=system-auth

With this samba pam configuration, is no longer successful the login on swat
via Webmin. I get the error message, root the wrong password used.


	pam.d / login

	#%PAM-1.0
	auth       required	pam_securetty.so
	auth       sufficient	pam_winbind.so
	auth       sufficient	pam_unix.so likeauth nullok use_first_pass
	auth       required	pam_stack.so service=system-auth
	auth       required	pam_nologin.so
	account    sufficient	pam_winbind.so
	account    required	pam_stack.so service=system-auth
	password   required	pam_stack.so service=system-auth
	session    required	pam_stack.so service=system-auth
	session    optional	pam_console.so

	pam.d / sytsem_auth

	%PAM-1.0
	# This file is auto-generated.
	# User changes will be destroyed the next time authconfig is run.
	auth        required      /lib/security/$ISA/pam_env.so
	auth        sufficient    /lib/security/$ISA/pam_winbind.so
	auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth
nullok use_first_pass
	auth        required      /lib/security/$ISA/pam_deny.so

	account     required      /lib/security/$ISA/pam_unix.so

	password    required      /lib/security/$ISA/pam_cracklib.so retry=3
	type=
	password    sufficient    /lib/security/$ISA/pam_unix.so nullok
	use_authtok md5 shadow
	password    required      /lib/security/$ISA/pam_deny.so

	session     required      /lib/security/$ISA/pam_limits.so
	session     required      /lib/security/$ISA/pam_unix.so


What wrong do I make? Does someone have an idea?

Thanks for each assistance.


Stefan