[Samba] pam_winbind problem

Batty, Richard richard.batty at logicacmg.com
Mon Jan 30 10:09:14 GMT 2006


Ive got a problem with pam_winbind not authenticating, were using an AD 2003 domain.

wbinfo works

with correct password
# wbinfo -a=AD03+richard.batty%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

with wrong password
# wbinfo -a=AD03+richard.batty%password1
plaintext password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user AD03+richard.batty%f3l1x!12 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user AD03+richard.batty with challenge/response

Ive also modified /etc/pam.conf so the rlogin command uses the pam_winbind libraries

rlogin  auth required   /usr/lib/security/pam_winbind.so debug

#rlogin -l AD03+richard.batty localhost

but get the following error 
[2006/01/30 09:50:27, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(377)
  Could not lookup name for user AD03+richard.batty

Heres the smb.conf file
       workgroup = AD03
        realm = AD03.LOCAL
        netbios name = Server1
        security = ADS
        password server = Server2.AD03.LOCAL
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        log level = 5
        log file = /var/log/samba.log.%m
        max log size = 50
        debug timestamp = yes
        local master = No
        domain master = False
        dns proxy = No
        username map = /usr/local/samba/lib/username.map
        encrypt passwords = yes
        domain master = no

I can browse the defined shares without specifying a login/password so winbind must be working and authenticating correctly.

heres the more detailed log any ideas?


[2006/01/30 09:50:22, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 20
[2006/01/30 09:50:22, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/01/30 09:50:22, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [    0]: request interface version
[2006/01/30 09:50:22, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 09:50:22, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [    0]: request location of privileged pipe
[2006/01/30 09:50:22, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 21
[2006/01/30 09:50:22, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn GETPWNAM
[2006/01/30 09:50:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336)
  [    0]: getpwnam AD03+richard.batty
[2006/01/30 09:50:23, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22985
[2006/01/30 09:50:23, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
  lookup_name returned an error
[2006/01/30 09:50:23, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(377)
  Could not lookup name for user AD03+richard.batty
[2006/01/30 09:50:27, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 20
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/01/30 09:50:27, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [    0]: request interface version
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 09:50:27, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [    0]: request location of privileged pipe
[2006/01/30 09:50:27, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 22
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/01/30 09:50:27, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
  [    0]: pam auth AD03+richard.batty
[2006/01/30 09:50:27, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 09:50:27, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22985
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn GETPWNAM
[2006/01/30 09:50:27, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336)
  [    0]: getpwnam AD03+richard.batty
[2006/01/30 09:50:27, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 22985
[2006/01/30 09:50:27, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
  lookup_name returned an error
[2006/01/30 09:50:27, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(377)
  Could not lookup name for user AD03+richard.batty



Thanks
Rich


This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.


More information about the samba mailing list