[Samba] Fwd: domain member server authentication problem
Emrys Hughes
emrys at stateart.com.au
Mon Apr 17 11:04:06 GMT 2006
I'm still unable to pinpoint this problem and am getting desperate!
It appears to be something PAM related, as winbindd authenticates the
user fine, then fails at PAM:
From /var/log/auth.log:
Apr 17 20:24:22 localhost pam_winbind[29408]: user 'STATEART+test' granted access
at the terminal:
SPNEGO login failed: Logon failure
lang_tdb_init: /usr/share/samba/en_AU:en_US:en_GB:en.msg: No such file or directory
session setup failed: NT_STATUS_LOGON_FAILURE
From /var/log/samba/log.berthog
[2006/04/17 20:44:39, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: winbind authentication for user [test] succeeded
[2006/04/17 20:44:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/04/17 20:44:39, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/04/17 20:44:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/04/17 20:44:39, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/04/17 20:44:39, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(459)
smb_pam_start: PAM: Init user: STATEART+test
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(476)
smb_pam_start: PAM: setting rhost to: 127.0.0.1
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(485)
smb_pam_start: PAM: setting tty
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(493)
smb_pam_start: PAM: Init passed for user: STATEART+test
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_account(551)
smb_pam_account: PAM: Account Management for User: STATEART+test
[2006/04/17 20:44:39, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: STATEART+test
[2006/04/17 20:44:39, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Account Check Failed : Authentication service cannot retrieve authentication info.
[2006/04/17 20:44:39, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User STATEART+test!
Begin forwarded message:
> From: Emrys Hughes <emrys at stateart.com.au>
> Date: 9 April 2006 11:21:33 PM
> To: samba at lists.samba.org
> Subject: Fwd: domain member server authentication problem
>
> I still haven't been able to resolve this problem and have received
> no response so I re-post.....apologies if this is bad manners.
>
> I have tried altering /etc/pam.d/samba so it reads as follows, but
> still no joy:
>
> @include common-auth
> @include common-account
> @include common-session
> account required /lib/security/pam_winbind.so
> auth required /lib/security/pam_winbind.so
>
>
> Begin forwarded message:
>
>> From: Emrys Hughes <emrys at stateart.com.au>
>> Date: 5 April 2006 8:31:04 PM
>> To: samba at lists.samba.org
>> Subject: domain member server authentication problem
>>
>> Hi
>>
>> I'm having problems implementing a domain member server using
>> winbind.
>>
>> I've set up a test share on the server (BERTHOG) and test user
>> (alex) on the PDC (RODNEY).
>>
>> Winbind seems to be running fine:
>>
>> berthog:/srv$ wbinfo -n alex
>> S-1-5-21-2502943273-132007109-1129902423-3006 User (1)
>>
>> But when I try to connect to the share:
>>
>> berthog:/srv$ smbclient //BERTHOG/shared -U alex
>> Password:
>> session setup failed: NT_STATUS_LOGON_FAILURE
>>
>> The machine log shows this:
>>
>> [2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_account(573)
>> smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: STATEART+alex
>> [2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_accountcheck(781)
>> smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User STATEART+alex!
>>
>>
>> I don't believe any modifications have to be made to the PAM files
>> to get samba/winbind working?
>>
>> Any advice would be gratefully received!
>>
>>
>> My smb.conf follows:
>>
>>
>> [global]
>>
>> ## Browsing/Identification ###
>>
>> workgroup = stateart
>> netbios name = BERTHOG
>> server string = %h server (Samba %v)
>>
>> wins support = no
>> wins server = 192.168.2.97
>> winbind use default domain = yes
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> winbind enum users = yes
>> winbind enum groups = yes
>> template primary group = "Domain Users"
>> winbind separator = +
>>
>> # This will prevent nmbd to search for NetBIOS names through DNS.
>> dns proxy = no
>>
>> # What naming service and in what order should we use to resolve host names
>> # to IP addresses
>> name resolve order = wins bcast hosts
>>
>>
>> #### Debugging/Accounting ####
>>
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> ; syslog only = no
>> syslog = 0
>>
>> # Do something sensible when Samba crashes: mail the admin a backtrace
>> panic action = /usr/share/samba/panic-action %d
>>
>>
>> ####### Authentication #######
>>
>> security = domain
>> ; security = share
>> password server = *
>> domain master = no
>>
>> # You may wish to use password encryption. See the section on
>> # 'encrypt passwords' in the smb.conf(5) manpage before enabling.
>> encrypt passwords = true
>>
>> # If you are using encrypted passwords, Samba will need to know what
>> # password database type you are using.
>> passdb backend = tdbsam guest
>>
>> obey pam restrictions = yes
>>
>> ; guest account = nobody
>> invalid users = root
>> ; unix password sync = no
>>
>> load printers = no
>>
>>
>> ######## File sharing ########
>>
>> # Name mangling options
>> ; preserve case = yes
>> ; short preserve case = yes
>>
>>
>> ############ Misc ############
>>
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>>
>> #======================= Share Definitions =======================
>>
>> [shared]
>> path = /srv/TESTFS/shared
>> writeable = yes
>> valid users = alex
>> create mode = 0660
>> directory mode = 0770
>>
>>
>>
>>
>
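As an added example (not part of the original post and not Samba code), this sketch parses smbd log entries in the layout quoted above, including a header fused onto the previous message by mail line-wrapping, and flags users whose winbind authentication succeeded but whose PAM account-management step was rejected. The sample log is constructed from lines in the post; the function names, the Linux-PAM numbering used to name code 9, and the treatment of `+` or `\` as the domain separator are assumptions of this example.

```python
import re
# Constructed sample in the layout of the smbd log quoted above, including a
# header fused onto the previous message and wrapped after "auth/".
SAMPLE = """\
[2006/04/17 20:44:39, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: winbind authentication for user [test] succeeded
[2006/04/17 20:44:39, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)[2006/04/17 20:44:39, 4] auth/
pampass.c:smb_pam_account(551)
smb_pam_account: PAM: Account Management for User: STATEART+test
[2006/04/17 20:44:39, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: STATEART+test
"""

# Assumption: Linux-PAM return-code numbering (<security/_pam_types.h>).
PAM_CODES = {6: "PAM_PERM_DENIED", 7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL",
             10: "PAM_USER_UNKNOWN", 13: "PAM_ACCT_EXPIRED"}
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\] *([\w./ ]+?):(\w+)\((\d+)\)")

def parse_entries(raw):
    """Split an smbd log into entries, undoing line wraps and fused headers."""
    text = " ".join(raw.split())           # collapse every wrap into one space
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({"time": h.group(1), "level": int(h.group(2)),
                        "source": h.group(3).replace(" ", ""),
                        "func": h.group(4), "msg": text[h.end():end].strip()})
    return entries

def triage(entries):
    """List PAM account-check failures and whether the credentials had been accepted."""
    authed, findings = set(), []
    for e in entries:
        m = re.search(r"authentication for user \[(\S+)\] succeeded", e["msg"])
        if m:
            authed.add(m.group(1).lower())
        m = re.search(r"PAM ERROR \((\d+)\) during Account Management for User\s*: (\S+)", e["msg"])
        if m:
            code, user = int(m.group(1)), m.group(2)
            short = re.split(r"[+\\]", user)[-1].lower()  # drop DOMAIN+ or DOMAIN\ prefix
            findings.append({"user": user, "code": code, "name": PAM_CODES.get(code, "unknown"),
                             "credentials_ok": short in authed})
    return findings

print(triage(parse_entries(SAMPLE)))
```

A finding with `credentials_ok` set to true separates a rejection at the PAM account stage from a bad password, which the client reports identically as NT_STATUS_LOGON_FAILURE.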