[Samba] winbindd and PAM problem

Bjoern Olausson spamsuxx at gmail.com
Thu Sep 29 13:38:21 GMT 2005 

Hi all,

I am trying to make it possible to log into a Linux client
authenticating against a running Samba PDC (24 Windows XP clients do
so sccessfully) (SuSE Linux 9.1; Samba 3.0.9-2.6-SUSE)

The client is running Gentoo Linux with Samba Samba 3.0.14a

I configured everything like written in the Samba HowTo "23. Winbind:
Use of Domain Accounts"

When I login with "biopool/test" and the correct password, I get a
"Permission denied"
When I use a wrong password I get a
"Login incorrect"

So it seams as if the authentication to the PDC works. But something
goes wrong after that.

I have no clue what, or where to search. Google didn't find an answere.

So here are my configs:

smb.conf (client):
---------------------------------
[global]
        workgroup = BIOPOOL
        security = DOMAIN
        encrypt passwords = No
        allow trusted domains = No
        password server = 172.30.2.251
        passdb backend = tdbsam
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind use default domain = Yes
        winbind trusted domains only = Yes


pam_login(client)
------------------------------------
#%PAM-1.0

auth      sufficient   /lib/security/pam_unix.so use_first_pass
auth      sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_nologin.so

account   sufficient   /lib/security/pam_winbind.so use_first_pass use_authtok

password   sufficient     pam_winbind.so  use_first_pass use_authtok

session sufficient      pam_winbind.so  use_first_pass use_authtok
session   required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077

messages for login with wrong PW:
----------------------------------------------------------------------
Sep 29 15:35:49 pool04 login(pam_unix)[11222]: auth could not identify
password for [biopool\test]
Sep 29 15:35:53 pool04 pam_winbind[11222]: request failed: Wrong
Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD
Sep 29 15:35:53 pool04 pam_winbind[11222]: user `biopool\test' denied
access (incorrect password or invalid membership)
Sep 29 15:35:53 pool04 login[11222]: FAILED LOGIN 1 FROM /dev/tty2 FOR
UNKNOWN, Permission denied


messages f��or ����login with correct PW:
------------------------------------------------------------------
Sep 29 15:37:29 pool04 login(pam_unix)[11255]: auth could not identify
password for [biopool\test]
Sep 29 15:37:34 pool04 pam_winbind[11255]: user 'biopool\test' granted access
Sep 29 15:37:34 pool04 login[11255]: Permission denied

So where is my mistake? Could anybody please give me some hints where
I have to start my search?

thanks a lot
Bjoern

More information about the samba mailing list