[Samba] Solaris Winbind causes problem with SSH.

Security Officer mewtwo at catlover.com
Mon Dec 5 06:09:07 GMT 2005

Hello, I have been testing Samba 3.0.21 (rc1, rc2) on Solaris 8 and Solaris 9 compiled with ADS support.

In my testing smbd seems to work with a Windows 2000 ADS and Windows XP workstations in a basic setup where
winbindd is running in default mode "netlogon proxy only" (but winbind is NOT enabled in /etc/nsswitch.conf).

When I configure winbind to use idmap and enable winbind in /etc/nsswitch.conf, smbd seems to work even better
but my SSH logins no longer work properly. If I connect with SSH to the Samba server using public key 
authentication while winbind is enabled in /etc/nsswitch.conf, the SSH login succeeds but the SSH server 
disconnects me after a few minutes. I see the following messages in the console log:

|Dec  5 12:51:07 numbat sshd[7356]: [ID 800047 auth.info] Accepted publickey for mewtwo from port
34809 ssh2
|Dec  5 12:53:02 numbat sshd[7356]: [ID 800047 auth.crit] fatal: Timeout before authentication for

Can anyone help explain what is happening? Do I need to edit pam.conf as well as nsswitch.conf?

My smb.conf file (with winbind) is as follows:

# Samba config file.

        workgroup = PERTH
        realm = PERTH.LOCALDOMAIN
        security = ADS
        encrypt passwords = yes
        client use spnego = yes
        winbind cache time = 10
        winbind enum users = yes
        winbind enum groups = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /usr/bin/sh
        template homedir = /home/%U

        guest ok = no
        read only = no

My /etc/nsswitch.conf file (with winbind) is as follows:

passwd:     files nis winbind
group:      files nis winbind

Play 100s of games for FREE! http://games.mail.com/

More information about the samba mailing list