[Samba] samba/PAM/winbind/ssh

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Fri Sep 15 14:42:12 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/12/2006 06:50 PM, Matt Herzog escreveu:
> I have the winbind login working on FC5 but now logins to local accounts
> cannot authenticate.
> 
> My config files are here:
> 
> http://www.pigeonnier.org/nsswitch.conf
> http://www.pigeonnier.org/pam.d/
> http://www.pigeonnier.org/krb.conf
> 
> Again, if I try to ssh in as a user that exists only as a local account on the remote 
> host, I am rejected. User msh is -not- a AD account and only exists on the
> FC5 server "province"
> 
>>From the /var/log/secure file:
> 
> Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo
> for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT!
> Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62  user=msh
> Sep 12 16:58:35 province sshd[11521]: Failed password for msh from
> 198.76.121.62 port 58069 ssh2
> Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account):
> requirement "uid < 100" not met by user "msh"
> Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by
> PAM account configuration

	Well, for some reason your pam requires that your user has
an uid less than 100, I don't know why, but it doesn't looks like
to be related with Samba.

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFCrvECj65ZxU4gPQRAuiQAJ9f6kbvBFaZw8RQ/4WdQEHdMQvHYwCeLGHC
96WqOsJkCUNBjpbax4FV7K0=
=EsSt
-----END PGP SIGNATURE-----


More information about the samba mailing list