[Samba] winbind auth against ads not working via remote login - solaris 10.

Garrett, Joseph JGARRETT at southernco.com
Tue Aug 29 19:56:26 GMT 2006 

I am attempting to use winbind for Telnet authentication but winbind pam
doesn't recognize ads realm or smb.conf workgroup..see error snapshot.
 
pdtsun03 is hostname of solaris 10 ADS domain member running samba
3.0.11. "net ads join" worked..."net ads user" returns all MYADSDOMAIN
users and samba shares work from both unix and NT side. 
 
one note..After make install, I had to manually copy compiled
nsswitch/pam_winbind.so file to /usr/lib/security. thanks for the help
 
samba configured args:
./configure --with-ads --with-winbind --with-krb5=/usr/local --with-pam
 
-------------------------
error snapshot:
 
[2006/08/29 14:31:49, 8] lib/util.c:is_myname(1810)
  is_myname("PDTSUN03") returns 1
[2006/08/29 14:31:49, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(259)
  Authentication for domain PDTSUN03 (local domain to this server) not
supported at this stage
[2006/08/29 14:31:49, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
  Plain-text authentication for user jgarrett returned
NT_STATUS_NO_SUCH_USER (PAM: 13)
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(524)

---------------------------------
smb.conf
# Global parameters
[global]
        workgroup = MYADSDOMAIN
        server string = Samba Server pdtsun03
        password server = MYPWDSERVER(s)
        encrypt passwords = yes
        log level = 10
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        dns proxy = No
        guest account = visitor
 
realm = MYREALM.COM
security = ads
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
 

[homes]
        comment = Home Directories
        read only = No
        browseable = No
 
[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No

---------------------------------------
 
detail error - with debug level at 10:
 
[2006/08/29 14:31:49, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 19
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn INTERFACE_VERSION
[2006/08/29 14:31:49, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [19587]: request interface version
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/08/29 14:31:49, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [19587]: request location of privileged pipe
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(569)
  client_write: need to write 47 extra data bytes.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 47 bytes.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(558)
  client_write: client_write: complete response written.
[2006/08/29 14:31:49, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 20
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn PAM_AUTH
[2006/08/29 14:31:49, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(179)
  [19587]: pam auth jgarrett
[2006/08/29 14:31:49, 8] lib/util.c:is_myname(1810)
  is_myname("PDTSUN03") returns 1
[2006/08/29 14:31:49, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(259)
  Authentication for domain PDTSUN03 (local domain to this server) not
supported at this stage
[2006/08/29 14:31:49, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
  Plain-text authentication for user jgarrett returned
NT_STATUS_NO_SUCH_USER (PAM: 13)
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2006/08/29 14:31:49, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 19, pid 19587: EOF
[2006/08/29 14:31:49, 10] nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2006/08/29 14:31:49, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 20, pid 19587: EOF

More information about the samba mailing list