[Samba] PAM sending wrong username to Winbind

Chew, Darren darrenc at vicscouts.asn.au
Tue Dec 28 09:38:11 GMT 2004 

Hi All,

I am unable to authenticate users through pam_winbind.

"wbinfo -u", "wbinfo -g", "getent passwd", "getent group", "wbinfo -a 
DOMAIN\\Administrator%password" all work and suggest that samba and 
winbind are correctly configured.

For some strange reason PAM seems to be sending Winbind "NOUSER" as the 
username to authenticate instead of the username I send sshd. Below is 
some output of winbind running in interactive mode and debuglevel 3 while 
I am trying to ssh as a nt user. 

Any help greatly appreciated. Darren.

[root at box1 pam.d]# winbindd -d 3 -i
winbindd version 3.0.9-1.3E.1 started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[homes]"
Processing section "[printers]"
adding IPC service
adding IPC service
added interface ip=x.x.x.x bcast=x.x.x.x nmask=x.x.x.x
added interface ip=x.x.x.x bcast=x.x.x.x nmask=x.x.x.x
idmap_init: using 'ldap' as remote backend
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
add_trusted_domain: DOMAIN is an NT4  domain
Added domain DOMAIN  S-0-0
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1c>
resolve_wins: Attempting wins lookup for name DOMAIN<0x1c>
resolve_wins: using WINS server x.x.x.x and tag '*'
name_resolve_bcast: Attempting broadcast lookup for name DOMAIN<0x1c>
Got a positive name query response from x.x.x.x ( x.x.x.x )
rpc_dc_name: Returning DC PDC (x.x.x.x) for domain DOMAIN
IPC$ connections done by user DOMAIN\Administrator
Connecting to host=PDC
Connecting to x.x.x.x at port 445
error connecting to x.x.x.x:445 (Connection refused)
Connecting to x.x.x.x at port 139
bind_rpc_pipe: transfer syntax differs
rpc_pipe_bind: check_bind_response failed.
cli_nt_session_open: rpc bind to \PIPE\lsarpc failed
rpc: trusted_domains
rpc_dc_name: Returning DC PDC (x.x.x.x) for domain DOMAIN
IPC$ connections done by user DOMAIN\Administrator
Connecting to host=PDC
Connecting to x.x.x.x at port 445
error connecting to x.x.x.x:445 (Connection refused)
Connecting to x.x.x.x at port 139
add_trusted_domain: BUILTIN is an NT4  domain
Added domain BUILTIN  S-1-5-32
add_trusted_domain: BOX1 is an NT4  domain
Added domain BOX1  S-1-5-21-776210177-1783708640-2802815666
rpc: trusted_domains
[ 3781]: request interface version
[ 3781]: request location of privileged pipe
[ 3781]: pam auth NOUSER
rpc_dc_name: Returning DC PDC (x.x.x.x) for domain DOMAIN
IPC$ connections done by user DOMAIN\Administrator
Connecting to host=PDC
Connecting to x.x.x.x at port 445
error connecting to x.x.x.x:445 (Connection refused)
Connecting to x.x.x.x at port 139
Plain-text authentication for user NOUSER returned 
NT_STATUS_WRONG_PASSWORD (PAM: 7)

More information about the samba mailing list