[Samba] winbind/gdm auth failure

Torsten Schröer T_Schroeer at urz.uni-heidelberg.de
Wed Jul 14 18:31:46 GMT 2004


Dear Samba-Users,

two problems to solve...

1) Trying to authenticate users via pam_winbind against 
NT-PDC (samba 3.0.4, Debian GNU Linux 3.0). Got shell login 
and ssh working, but won't be able to login via GDM to 
gnome or KDE. I do not really understand the difference 
between login/ssh module stack and gdm module stack. Log 
auth says something queerish:
--- auth.log ---
Jul 14 18:34:43 testserver pam_winbind[17588]: user 
'user' granted acces
Jul 14 18:34:43 testserver PAM_unix[17588]: could not 
identify user (from getpwnam(user))
Jul 14 18:34:43 testserver gdm[17588]: Couldn't set acct. 
mgmt for user
---

whilst winbindd log does tell nothing in particular. 
Logging in via ssh or console works properly and grants 
system access:
--- auth.log ---
Jul 14 18:39:31 testserver pam_winbind[17588]: user 'user' 
granted acces
---

To complete this I give you /etc/pam.d/login and my tries 
on /etc/pam.d/gdm:
--- login ---
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
auth       sufficient pam_winbind.so 
auth       required   pam_unix.so nullok use_first_pass

account    sufficient pam_winbind.so
account    required   pam_unix.so

session    required   pam_mkhomedir.so skel=/etc/skel 
umask=0022
session    sufficient pam_winbind.so
session    required   pam_unix.so
session    optional   pam_motd.so
session    optional   pam_mail.so standard noenv

password   required   pam_unix.so nullok obscure min=4 
max=8 md5
--- 

--- gdm ---
#%PAM-1.0
auth     required       pam_nologin.so
auth     required       pam_env.so
auth     sufficient     pam_winbind.so
auth     required       pam_unix_auth.so nullok 
use_first_pass

account  sufficient     pam_winbind.so
account  required       pam_unix_acct.so

password required       pam_unix_passwd.so shadow

session  sufficient     pam_winbind.so
session  required       pam_unix_session.so
session  required	pam_limits.so
---

As you can see, almost the same, exept the functionalíty.

2) My second Question is on "How to get apache directive 
require group working with pam_auth_smb.so". Everything 
seems to be configured well, because using dirctive 
"Require user user1 user2 user3" works fine. But changing 
to the users group directive, Apache shows Internal 
misconfiguration...

Can't explain that to. Apache error log shows the following:
--- error ---
[Wed Jul 14 18:56:55 2004] [error] (2)No such file or 
directory: couldn't get group list
[Wed Jul 14 18:56:55 2004] [crit] [client 129.206.123.201] 
configuration error:  couldn't check access.  No groups 
file?: /
---

later a while:
--- error ---
Jul 14 20:14:01 apache: No Local authentication done, 
relying on other modules for password file entry.
Jul 14 20:14:01 apache: pam_smb: Configuration Data, 
Primary pdc, Backup bdc, Domain domain.
Jul 14 20:14:01 apache: pam_smb: Correct NT 
username/password pair
---

with pam.d/httpd like this:
--- pam.d/httpd ---
auth       required   pam_smb_auth.so nolocal debug
account    required   pam_permit.so
---
But no access to contents just popping one pwdcheck after 
the other. Might be something wrong with my module stack!
Hm...

Is anyone familiar with this kind of problem? Any ideas 
would be appreciated. Thanks so far,

Torsten Schröer

P.S. NOT SUBSCRIBED. Please email. Thanks.


More information about the samba mailing list