[Samba] 3.0.21b +pam_winbindd

Batty, Richard richard.batty at logicacmg.com
Wed Feb 1 09:41:43 GMT 2006 

Hi,
	When I run 

wbinfo --authenticate=AD03+richard.batty%password

I get the following in the logs,

[2006/01/30 11:42:06, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 16
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/01/30 11:42:06, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [    0]: request interface version
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 11:42:06, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [    0]: request location of privileged pipe
[2006/01/30 11:42:06, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 17
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/01/30 11:42:06, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
  [    0]: pam auth AD03+richard.batty
[2006/01/30 11:42:06, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 11:42:06, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 24308
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INFO
[2006/01/30 11:42:06, 3] nsswitch/winbindd_misc.c:winbindd_info(442)
  [    0]: request misc info
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn AUTH_CRAP
[2006/01/30 11:42:06, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(513)
  [    0]: pam auth crap domain: [AD03] user: richard.batty
[2006/01/30 11:42:06, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 11:42:07, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 24308


When I do the rlogin -l AD03+richard.batty localhost I get prompted for the password and get the following



[2006/01/30 15:11:41, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 16
[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/01/30 15:11:41, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [    0]: request interface version
[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 15:11:41, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [    0]: request location of privileged pipe
[2006/01/30 15:11:41, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 17
[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/01/30 15:11:41, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
  [    0]: pam auth AD03+richard.batty
[2006/01/30 15:11:41, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 15:11:41, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 27648

Both seem identical but the wbinfo does more after the "nsswitch/winbindd_cache.c:cache_retrieve_response(1529)"


Richard Batty
Unix, Oracle & AS/400 Team Leader
_________________________________________
LogicaCMG
Fairham House
Green Lane
Clifton
Nottingham
NG11 9LN
Tel:  +44 (0) 115 9848926
Mob:  +44 (0) 7841 602564
Fax: +44 (0) 115 9848547 (or 541)
Email: Richard.Batty at logicacmg.com
Web:   http://www.logicacmg.com


-----Original Message-----
From: Guenther Deschner [mailto:gd at samba.org]
Sent: 31 January 2006 18:09
To: Batty, Richard
Cc: Samba Mailing List (E-mail); Foster, Ian
Subject: Re: [Samba] 3.0.21b +pam_winbindd


Hi,

On Tue, Jan 31, 2006 at 05:43:02PM -0000, Batty, Richard wrote:
> 
> Ive installed and configured samba using
> 
> cd samba-3.0.21b/source
> ./autogen.sh
> ./configure --with-krb5=/usr/local \
>             --with-automount \
>             --with-pam \
>             --with-utmp \
>             --with-winbind \
>             --with-libsmbclient \
> 		--with-ldap \
>             --with-netlib='-lresolv'
> make
> make install
> cp nsswitch/pam_winbind.so /usr/lib/security
> cp nsswitch/libnss_winbind.so /lib/nss_winbind.so.1
> ln -s /lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.1
> 
> I can browse my samba shares and the active directory 2003 authentication works fine.
> 
> Ive modified pam.conf so rlogin should use pam_winbind
> 
> rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin  auth sufficient /usr/lib/security/pam_winbind.so try_first_pass
> rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1

What did pam_winbind.so wrote to the syslog ?

> however if I try and login using 
> 
> rlogin -l AD03+richard.batty localhost
> 
> it fails 

Does it at least prompt you for a new password?

Thanks,
Guenther

-- 
Günther Deschner                    GPG-ID: 8EE11688
Novell / SUSE LINUX                       gd at suse.de
Samba Team                              gd at samba.org


This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

More information about the samba mailing list