[Samba] Solaris Winbind causes problem with SSH.
Security Officer
mewtwo at catlover.com
Mon Dec 5 06:09:07 GMT 2005
Hello, I have been testing Samba 3.0.21 (rc1, rc2) on Solaris 8 and Solaris 9 compiled with ADS support.
In my testing smbd seems to work with a Windows 2000 ADS and Windows XP workstations in a basic setup where
winbindd is running in default mode "netlogon proxy only" (but winbind is NOT enabled in /etc/nsswitch.conf).
When I configure winbind to use idmap and enable winbind in /etc/nsswitch.conf, smbd seems to work even better
but my SSH logins no longer work properly. If I connect with SSH to the Samba server using public key
authentication while winbind is enabled in /etc/nsswitch.conf, the SSH login succeeds but the SSH server
disconnects me after a few minutes. I see the following messages in the console log:
|Dec 5 12:51:07 numbat sshd[7356]: [ID 800047 auth.info] Accepted publickey for mewtwo from 192.168.1.101 port
34809 ssh2
|Dec 5 12:53:02 numbat sshd[7356]: [ID 800047 auth.crit] fatal: Timeout before authentication for 192.168.1.101
Can anyone help explain what is happening? Do I need to edit pam.conf as well as nsswitch.conf?
My smb.conf file (with winbind) is as follows:
# Samba config file.
[global]
workgroup = PERTH
realm = PERTH.LOCALDOMAIN
security = ADS
encrypt passwords = yes
client use spnego = yes
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /usr/bin/sh
template homedir = /home/%U
[homes]
guest ok = no
read only = no
My /etc/nsswitch.conf file (with winbind) is as follows:
passwd: files nis winbind
group: files nis winbind
--
___________________________________________________
Play 100s of games for FREE! http://games.mail.com/
More information about the samba
mailing list