[Samba] UserPrincipalName with samba/winbind 3.2
Nicolas.CLEMENTZ at uha.fr
Nicolas.CLEMENTZ at uha.fr
Mon Feb 25 11:51:36 GMT 2008
Hi,
I'm currently trying the 3.2 version of winbindd (pam + nss +
winbindd). I would like to loging with the userPrincipalName on à Win 2k3
but I can't. Winbindd retrun NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)
Any idea
winbindd --version output :
Version 3.2.0pre2-GIT--e 85eec1d-test
My smb.conf file :
[global]
security = ads
realm = IUT-COLMAR.NET
password server = 10.252.254.10
workgroup = IUT-COLMAR
# winbind separator = +
idmap backend = idmap_rid:IUT-COLMAR=70000-1000000
idmap uid = 70000-1000000
idmap gid = 70000-1000000
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 1
winbind offline logon = true
winbind use default domain = yes
winbind refresh tickets = true
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
os level = 0
use kerberos keytab = True
log level = 3
log file = /var/log/samba/%m
[public]
path = /perso/public
read only = no
/etc/pam.d/common.auth
auth sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE
debug debug_state cached_login
/var/log/auth.log
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] ENTER: pam_sm_authenticate (flags: 0x0001)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_USER) = "flavio.scollo at iut-colmar.net"
(0xb7fce148)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net"
(0xb7fd8520)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user
'flavio.scollo at iut-colmar.net' OK
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user
'flavio.scollo at iut-colmar.net' OK
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
getting password (0x00001381)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): Verify
user 'IUT-COLMAR\flavio.scollo'
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): PAM
config: krb5_ccache_type 'FILE'
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
enabling krb5 login flag
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
enabling cached login flag
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
enabling request for a FILE krb5 ccache
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
request failed: NT_STATUS_INVALID_PARAMETER_MIX, PAM error was System
error (4), NT error was NT_STATUS_INVALID_PARAMETER_MIX
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth):
internal module error (retval = 4, user = 'IUT-COLMAR\flavio.scollo')
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] LEAVE: pam_sm_authenticate returning 4
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_USER) = "flavio.scollo at iut-colmar.net"
(0xb7fce148)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net"
(0xb7fd8520)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_AUTHTOK) = 0xb7fd6408
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh:
0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
Feb 25 12:23:46 etusrv06-bis sshd[23471]: Failed password for invalid
user flavio.scollo at iut-colmar.net from 10.252.12.12 port 37903 ssh2
Winbindd -F -i -d 10 last lines output :
.....
Returning valid cache entry: key =
IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-4452, value =
IDMAP/UID/74452, timeout = Mon Feb 25 12:30:19 2008
Storing response for pid 23500, len 3240
Added timed event "async_request_timeout": b7f71d70
timed_events_timeout: 299/999864
Destroying timed event b7f71d70 "async_request_timeout"
Retrieving response for pid 23500
winbindd_sid2gid_async: Resolving
S-1-5-21-1960408961-2147064713-1801674531-513 to a gid
child daemon request 49
child_process_request: request fn DUAL_SID2GID
[23492]: sid to gid S-1-5-21-1960408961-2147064713-1801674531-513
idmap_sid_to_gid: sid = [S-1-5-21-1960408961-2147064713-1801674531-513]
Returning valid cache entry: key =
IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-513, value =
IDMAP/GID/70513, timeout = Mon Feb 25 12:30:19 2008
winbindd_dual_sid2gid: 0x00000000 -
S-1-5-21-1960408961-2147064713-1801674531-513 - 70513
Storing response for pid 23500, len 3240
Added timed event "async_request_timeout": b7f6f810
timed_events_timeout: 299/999909
Destroying timed event b7f6f810 "async_request_timeout"
Retrieving response for pid 23500
accepted socket 18
process_request: request fn INTERFACE_VERSION
[23497]: request interface version
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[23497]: request location of privileged pipe
accepted socket 21
process_request: request fn PAM_AUTH
[23497]: pam auth IUT-COLMAR\FLAVIO.SCOLLO
check_request_flags: invalid request flags[0x0000F092]
Plain text authentication for IUT-COLMAR\FLAVIO.SCOLLO returned
NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)
--------------------------------------------------------
Nicolas Clementz
Service Informatique Réseaux et Télécom.
IUT de Colmar
More information about the samba
mailing list