[Samba] cannot su, something may be related to pam

Alex Wang hadyn_whx at hotmail.com
Tue Jan 30 23:54:28 GMT 2007

Hi All

I installed Samba 3.0.23d on FreeBSD 5.4 through the ports tree and
joined it to the Windows 2000 domain. But I can't su anymore, and the Windows
client cannot go into the share folder.

I have pam_winbind.so at /usr/lib and /usr/local/lib.

The error message shows:
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed, but PAM error 0!
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: internal module error (retval = 3, user = `root')
Jan 30 18:50:36 BSDSVR01 su[26131]: pam_acct_mgmt: error in service module

It seems it jumped over the local passwd file and just searched the domain user
list. But even so, I still can't access the share folder from the
network. It shows the share folder, but when I double-click it, it asks me
for the password.

Here is the smb.conf
**************copy start*******************
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = Samba Server
        security = ADS
        allow trusted domains = No
        password server = dc
        syslog only = Yes
        log level =3
        log file = /var/log/samba/smb.log
        max log size = 50
        dns proxy = No
        wins server =
        passdb expand explicit = No
        idmap uid = 600-20000
        idmap gid = 600-20000
        template homedir = /usr/samba/%U
        template shell = /bin/sh
        winbind cache time = 3600
        winbind use default domain = Yes
        winbind nested groups = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        hosts allow = 192.168.0.

#        path = /usr/samba
#        read only = No

        comment = Application
        path = /usr/samba/software
        valid users = @"Domain Users",@"Domain Admins"
        read only = Yes
        write list = @"Domain Admins"
        create mode = 0777
        directory mode = 0777
******************copy end***********************

******************copy start**********************
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: compat
*****************copy end***********************

****************copy start*************************
# auth
auth           sufficient      /usr/lib/pam_winbind.so try_first_pass
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass nullok

# account
account                required        /usr/lib/pam_winbind.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_lastlog.so          no_fail

# password
password        sufficient      /usr/lib/pam_winbind.so try_first_pass
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass
****************************copy end**********************

Thanks a lot
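
Added example, not part of the original post: a simplified model of how PAM applies the control flags to the posted "account" lines, which is the phase the log shows failing (pam_acct_mgmt) for root. The per-module results in ROOT_RESULTS are an assumption read from the log lines above, and the function names are hypothetical.

```python
# Simplified model of PAM control-flag evaluation (added example).
# CONSTRUCTED input: the active "account" lines copied from the posted PAM file.
ACCOUNT_STACK = """\
account  required  /usr/lib/pam_winbind.so
#account required  pam_krb5.so
account  required  pam_login_access.so
account  required  pam_unix.so
"""

def parse_stack(text, facility):
    """Return [(control, module_basename)] for one facility, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            rules.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return rules

def evaluate(rules, module_ok):
    """Apply required/requisite/sufficient/optional semantics.
    module_ok maps module name -> True (success) or False (error)."""
    failed = False
    for control, module in rules:
        ok = module_ok.get(module, True)
        if control == "requisite" and not ok:
            return False          # fail immediately
        if control == "required" and not ok:
            failed = True         # remember the failure, keep running the stack
        if control == "sufficient" and ok and not failed:
            return True           # success short-circuits the rest of the stack
    return not failed             # optional results do not decide the outcome here

def fatal_modules(rules):
    """Modules whose error alone denies access (required or requisite)."""
    return [module for control, module in rules
            if control in ("required", "requisite")]

# ASSUMPTION from the log: for the local user root, pam_winbind returns an
# error in the account phase ("No such user"); the local modules succeed.
ROOT_RESULTS = {"pam_winbind.so": False,
                "pam_login_access.so": True,
                "pam_unix.so": True}

if __name__ == "__main__":
    rules = parse_stack(ACCOUNT_STACK, "account")
    verdict = "PASS" if evaluate(rules, ROOT_RESULTS) else "FAIL"
    print("account phase for root:", verdict)
    print("modules that can deny on their own:", fatal_modules(rules))
```

Because every account entry is `required`, an error from any one module denies the account check, including for users that exist only in the local passwd file.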

