[Samba] cannot su, something may related to pam
Alex Wang
hadyn_whx at hotmail.com
Tue Jan 30 23:54:28 GMT 2007
Hi All
I installed samba 3.0.23d on the FreeBSD 5.4 through the port tree and
join to the Windows 2000 Domain. But I can't su anymore. And the Windows
client cannot go into the share folder.
I have pam_winbind.so at /usr/lib and /usr/local/lib.
The error message shows:
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed, but PAM error 0!
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: internal module error (retval = 3, user = `root')
Jan 30 18:50:36 BSDSVR01 su[26131]: pam_acct_mgmt: error in service module
It seems jumped the local passwd file and just search the domain user
list. But even that, I still can't access the share folder from the
network. It shows the share folder but when I double click it, it ask me
for the password.
Here is the smb.conf
**************copy start*******************
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba Server
security = ADS
allow trusted domains = No
password server = dc
syslog only = Yes
log level =3
log file = /var/log/samba/smb.log
max log size = 50
dns proxy = No
wins server = 192.168.0.10
passdb expand explicit = No
idmap uid = 600-20000
idmap gid = 600-20000
template homedir = /usr/samba/%U
template shell = /bin/sh
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = Yes
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 192.168.0.
#[Test]
# path = /usr/samba
# read only = No
[Software]
comment = Application
path = /usr/samba/software
valid users = @"Domain Users",@"Domain Admins"
read only = Yes
write list = @"Domain Admins"
create mode = 0777
directory mode = 0777
******************copy end***********************
nsswitch.conf
******************copy start**********************
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: compat
*****************copy end***********************
/etc/pam.d/system
****************copy start*************************
# auth
auth sufficient /usr/lib/pam_winbind.so try_first_pass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required /usr/lib/pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient /usr/lib/pam_winbind.so try_first_pass
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
****************************copy end**********************
Thanks a lot
Alex
More information about the samba
mailing list