[Samba] Fwd: domain member server authentication problem

Emrys Hughes emrys at stateart.com.au
Sun Apr 9 13:21:33 GMT 2006 

I still haven't been able to resolve this problem and have received  
no response so I re-post.....apologies if this is bad manners.

I have tried altering /etc/pam.d/samba so it reads as follows, but  
still no joy:

@include common-auth
@include common-account
@include common-session
account required        /lib/security/pam_winbind.so
auth    required        /lib/security/pam_winbind.so


Begin forwarded message:

> From: Emrys Hughes <emrys at stateart.com.au>
> Date: 5 April 2006 8:31:04 PM
> To: samba at lists.samba.org
> Subject: domain member server authentication problem
>
> Hi
>
> I'm having problems  implementing a domain member server using  
> winbind.
>
> I've setup a test share on the server (BERTHOG) and test user  
> (alex) on the PDC (RODNEY).
>
> Winbind seems to be running fine:
>
> berthog:/srv$ wbinfo -n alex
> S-1-5-21-2502943273-132007109-1129902423-3006 User (1)
>
> But when I try to connect to the share:
>
> berthog:/srv$ smbclient //BERTHOG/shared -U alex
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> The machine log shows this:
>
> [2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_account(573)
>   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account  
> Management for User
> : STATEART+alex
> [2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_accountcheck(781)
>   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting  
> User STATEART
> +alex!
>
>
> I don't believe any modifications have to be made to the PAM files  
> to get samba/winbind working?
>
> Any advice would be gratefully recieved!
>
>
> My smb.conf follows:
>
>
> [global]
>
> ## Browsing/Identification ###
>
>    workgroup = stateart
>    netbios name = BERTHOG
>    server string = %h server (Samba %v)
>
>    wins support = no
>    wins server = 192.168.2.97
>    winbind use default domain = yes
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    winbind enum users = yes
>    winbind enum groups = yes
>    template primary group = "Domain Users"
>    winbind separator = +
>
> # This will prevent nmbd to search for NetBIOS names through DNS.
>    dns proxy = no
>
> # What naming service and in what order should we use to resolve  
> host names
> # to IP addresses
>    name resolve order = wins bcast hosts
>
>
> #### Debugging/Accounting ####
>
>    log file = /var/log/samba/log.%m
>    max log size = 1000
> ;   syslog only = no
>    syslog = 0
>
> # Do something sensible when Samba crashes: mail the admin a backtrace
>    panic action = /usr/share/samba/panic-action %d
>
>
> ####### Authentication #######
>
>    security = domain
> ;   security = share
>    password server = *
>    domain master = no
>
> # You may wish to use password encryption.  See the section on
> # 'encrypt passwords' in the smb.conf(5) manpage before enabling.
>    encrypt passwords = true
>
> # If you are using encrypted passwords, Samba will need to know what
> # password database type you are using.
>    passdb backend = tdbsam guest
>
>    obey pam restrictions = yes
>
> ;   guest account = nobody
>    invalid users = root
> ;   unix password sync = no
>
>    load printers = no
>
>
> ######## File sharing ########
>
> # Name mangling options
> ;   preserve case = yes
> ;   short preserve case = yes
>
>
> ############ Misc ############
>
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>
> #======================= Share Definitions =======================
>
> [shared]
>    path = /srv/TESTFS/shared
>    writeable = yes
>    valid users = alex
>    create mode = 0660
>    directory mode = 0770
>
>
>
>

More information about the samba mailing list