[Samba] UserPrincipalName with samba/winbind 3.2

Nicolas.CLEMENTZ at uha.fr Nicolas.CLEMENTZ at uha.fr
Mon Feb 25 11:51:36 GMT 2008



Hi,

      I'm currently trying the 3.2 version of winbindd (pam + nss +
winbindd). I would like to loging with the userPrincipalName on à Win 2k3
but I can't. Winbindd retrun NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)
Any idea


winbindd --version output :
      Version 3.2.0pre2-GIT--e 85eec1d-test



My smb.conf file :

   [global]
           security = ads
           realm = IUT-COLMAR.NET
           password server = 10.252.254.10
           workgroup = IUT-COLMAR
   #       winbind separator = +
           idmap backend = idmap_rid:IUT-COLMAR=70000-1000000
           idmap uid = 70000-1000000
           idmap gid = 70000-1000000
           winbind enum users = yes
           winbind enum groups = yes
           winbind expand groups = 1
           winbind offline logon = true
           winbind use default domain = yes
           winbind refresh tickets = true
           template homedir = /home/%D/%U
           template shell = /bin/bash
           client use spnego = yes
           client ntlmv2 auth = yes
           encrypt passwords = yes
           restrict anonymous = 2
           domain master = no
           local master = no
           preferred master = no
           os level = 0

           use kerberos keytab = True
           log level = 3
           log file = /var/log/samba/%m


   [public]
               path = /perso/public
               read only = no


/etc/pam.d/common.auth
   auth    sufficient      pam_winbind.so krb5_auth krb5_ccache_type=FILE
   debug debug_state cached_login

/var/log/auth.log

   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] ENTER: pam_sm_authenticate (flags: 0x0001)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_USER) = "flavio.scollo at iut-colmar.net"
   (0xb7fce148)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net"
   (0xb7fd8520)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user
   'flavio.scollo at iut-colmar.net' OK
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user
   'flavio.scollo at iut-colmar.net' OK
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   getting password (0x00001381)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): Verify
   user 'IUT-COLMAR\flavio.scollo'
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): PAM
   config: krb5_ccache_type 'FILE'
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   enabling krb5 login flag
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   enabling cached login flag
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   enabling request for a FILE krb5 ccache
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   request failed: NT_STATUS_INVALID_PARAMETER_MIX, PAM error was System
   error (4), NT error was NT_STATUS_INVALID_PARAMETER_MIX
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
   internal module error (retval = 4, user = 'IUT-COLMAR\flavio.scollo')
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] LEAVE: pam_sm_authenticate returning 4
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_USER) = "flavio.scollo at iut-colmar.net"
   (0xb7fce148)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net"
   (0xb7fd8520)
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_AUTHTOK) = 0xb7fd6408
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
   0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
   Feb 25 12:23:46 etusrv06-bis sshd[23471]: Failed password for invalid
   user flavio.scollo at iut-colmar.net from 10.252.12.12 port 37903 ssh2

Winbindd -F -i -d 10 last lines output :

   .....
   Returning valid cache entry: key =
   IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-4452, value =
   IDMAP/UID/74452, timeout = Mon Feb 25 12:30:19 2008
   Storing response for pid 23500, len 3240
   Added timed event "async_request_timeout": b7f71d70
   timed_events_timeout: 299/999864
   Destroying timed event b7f71d70 "async_request_timeout"
   Retrieving response for pid 23500
   winbindd_sid2gid_async: Resolving
   S-1-5-21-1960408961-2147064713-1801674531-513 to a gid
   child daemon request 49
   child_process_request: request fn DUAL_SID2GID
   [23492]: sid to gid S-1-5-21-1960408961-2147064713-1801674531-513
   idmap_sid_to_gid: sid = [S-1-5-21-1960408961-2147064713-1801674531-513]
   Returning valid cache entry: key =
   IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-513, value =
   IDMAP/GID/70513, timeout = Mon Feb 25 12:30:19 2008
   winbindd_dual_sid2gid: 0x00000000 -
   S-1-5-21-1960408961-2147064713-1801674531-513 - 70513
   Storing response for pid 23500, len 3240
   Added timed event "async_request_timeout": b7f6f810
   timed_events_timeout: 299/999909
   Destroying timed event b7f6f810 "async_request_timeout"
   Retrieving response for pid 23500
   accepted socket 18
   process_request: request fn INTERFACE_VERSION
   [23497]: request interface version
   process_request: request fn WINBINDD_PRIV_PIPE_DIR
   [23497]: request location of privileged pipe
   accepted socket 21
   process_request: request fn PAM_AUTH
   [23497]: pam auth IUT-COLMAR\FLAVIO.SCOLLO
   check_request_flags: invalid request flags[0x0000F092]
   Plain text authentication for IUT-COLMAR\FLAVIO.SCOLLO returned
   NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)



--------------------------------------------------------
Nicolas Clementz
Service Informatique Réseaux et Télécom.
IUT de Colmar



More information about the samba mailing list