[Samba] samba/PAM/winbind/ssh

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Fri Sep 15 14:42:12 GMT 2006

Hash: SHA1

On 09/12/2006 06:50 PM, Matt Herzog escreveu:
> I have the winbind login working on FC5 but now logins to local accounts
> cannot authenticate.
> My config files are here:
> http://www.pigeonnier.org/nsswitch.conf
> http://www.pigeonnier.org/pam.d/
> http://www.pigeonnier.org/krb.conf
> Again, if I try to ssh in as a user that exists only as a local account on the remote 
> host, I am rejected. User msh is -not- a AD account and only exists on the
> FC5 server "province"
>>From the /var/log/secure file:
> Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo
> for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT!
> Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=  user=msh
> Sep 12 16:58:35 province sshd[11521]: Failed password for msh from
> port 58069 ssh2
> Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account):
> requirement "uid < 100" not met by user "msh"
> Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by
> PAM account configuration

	Well, for some reason your pam requires that your user has
an uid less than 100, I don't know why, but it doesn't looks like
to be related with Samba.

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org


More information about the samba mailing list