[Samba] pam_winbind problems

alaslavic at havertys.com alaslavic at havertys.com
Mon Jan 5 18:54:46 GMT 2004






I struggled with this for a good while before getting it working.  I am
authenticating to an ADS server, so this may not work directly for you
unless you are using Active Directory also.  If you have getent passwd
working, then this ought to allow auth.

#  pam.d/login
auth                required        pam_securetty.so
auth                sufficient      pam_winbind.so
auth                sufficient      pam_unix.so use_first_pass
auth                required        pam_stack.so service=system-auth
auth                required        pam_nologin.so
account             sufficient      pam_winbind.so
account             required        pam_stack.so service=system-auth
password            required        pam_stack.so service=system-auth
session             required        pam_stack.so service=system-auth
session             optional        pam_console.so

#  pam.d/system-auth
auth              required          /lib/security/$ISA/pam_env.so
auth              sufficient        /lib/security/$ISA/pam_unix.so likeauth nullok
auth              sufficient        pam_winbind.so use_first_pass
auth              required          /lib/security/$ISA/pam_deny.so
account           required          /lib/security/$ISA/pam_unix.so
account           [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore]       pam_winbind.so
password          required          /lib/security/$ISA/pam_cracklib.so retry=3 type=
password          sufficient        /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password          sufficient        pam_winbind.so
password          sufficient        /lib/security/$ISA/pam_krb5.so use_authtok
password          sufficient        /lib/security/$ISA/pam_ldap.so use_authtok
password          required          /lib/security/$ISA/pam_deny.so
session           required          /lib/security/$ISA/pam_limits.so
session           required          /lib/security/$ISA/pam_unix.so
session           optional          pam_winbind.so
session           optional          /lib/security/$ISA/pam_krb5.so
session           optional          /lib/security/$ISA/pam_ldap.so

Alex Laslavic
Havertys Tech Services

samba-bounces+alaslavic=havertys.com at lists.samba.org wrote on 01/05/2004
12:21:32 PM:

> Hello,
> I am having some interesting problems with the pam_winbind portion of samba
> 3.1. wbinfo -u and getent passwd
> works but when I login I get the following messages in /var/log/messages.
> Jan  5 11:09:36 hermes pam_winbind[9014]: write to socket failed!
> Jan  5 11:09:36 hermes pam_winbind[9014]: internal module error (retval = 3, user = `CSQ+shane'
> Jan  5 11:09:36 hermes PAM_pwdb[9014]: check pass; user unknown
> Jan  5 11:09:37 hermes login[9014]: FAILED LOGIN 1 FROM 172.27.1.223 FOR CSQ+shane, User not known to the underlying authentication module.
> my login in /etc/pam.d is
> auth       required     pam_securetty.so
> #auth       required    pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> auth       sufficient   pam_winbind.so
> auth       required     pam_pwdb.so use_first_pass shadow nullok
> #account    required    pam_stack.so service=system-auth
> account   sufficient    pam_winbind.so
> #password   required    pam_stack.so service=system-auth
> password   required     pam_pwdb.so use_first_pass shadow nullok
> #password   required     pam_winbind.so
> session    required     pam_stack.so service=system-auth
> session    optional     pam_console.so
>
> I have also installed samba on two other LINUX boxes with the same error. Is
> this a bug or am I doing something wrong??
>                         Thank You for your Time!
>                             Shane Drinkwater
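Added example, not part of either post or of Samba: a simplified model of how Linux-PAM walks the two pam.d/login auth stacks shown in this thread. It shows that a "sufficient" pam_winbind.so placed ahead of "required" pam_nologin.so returns success before the nologin check is consulted, while the ordering in the quoted message does consult it. The function names and the treatment of pam_stack.so as a single module are assumptions of this sketch.

```python
# Simplified model of Linux-PAM control flags (required, requisite, sufficient,
# optional). Bracketed [value=action] controls are not modeled; stacks are from the thread.

REPLY_LOGIN_AUTH = """\
auth required   pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required   pam_stack.so service=system-auth
auth required   pam_nologin.so
"""

QUESTION_LOGIN_AUTH = """\
auth required   pam_securetty.so
auth required   pam_nologin.so
auth sufficient pam_winbind.so
auth required   pam_pwdb.so use_first_pass shadow nullok
"""

def parse(stack, facility="auth"):
    """Return [(control, module)] for one facility; '#auth' lines do not match."""
    entries = []
    for line in stack.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == facility:
            entries.append((fields[1], fields[2]))
    return entries

def evaluate(entries, failing=()):
    """Walk the stack; modules named in `failing` fail, all others succeed.
    Returns (granted, modules_consulted)."""
    consulted, required_failed = [], False
    for control, module in entries:
        consulted.append(module)
        ok = module not in failing
        if control == "requisite" and not ok:
            return False, consulted          # fail immediately
        if control == "required" and not ok:
            required_failed = True           # remember, keep walking
        if control == "sufficient" and ok and not required_failed:
            return True, consulted           # success ends the stack here
    return not required_failed, consulted

def skipped_on_success(stack, module):
    """True if `module` is never consulted when every module succeeds."""
    return module not in evaluate(parse(stack))[1]

if __name__ == "__main__":
    for name, stack in (("reply", REPLY_LOGIN_AUTH), ("question", QUESTION_LOGIN_AUTH)):
        print(name, evaluate(parse(stack), failing={"pam_nologin.so"}))
```

The same walk applies to the account lines: "account sufficient pam_winbind.so" ahead of the pam_stack.so entry ends the account stack on winbind success.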


