[Samba] Problem with Login Shell in User Information using Winbind
Aniket Bharaswadkar
aniketvb85 at gmail.com
Fri Jun 6 00:08:35 GMT 2008
OK, I got around the problem of the /bin/false shell! I rechecked all the configs
and joined the machines to the domain again using

    net join ads -w asurite -U Administrator -S <server-name>

and it showed the proper login shell in getent output! So users can log in now, and
thanks to Philipoff's excellent suggestion, I have given ssh access only to the
admins group using pam_succeed_if.so.
The only issue now is that winbind intermittently seems to die: getent produces no
output and users cannot log in. The /var/log/secure entries are:

    Jun 5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): pam_winbind_request: read from socket failed!
    Jun 5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): internal module error (retval = 3, user = 'abhinan')
    Jun 5 16:06:24 mymachine sshd[15223]: Failed password for abhinan from 129.219.249.116 port 50991 ssh2
    Jun 5 16:06:24 mymachine sshd[15224]: fatal: Access denied for user abhinan by PAM account configuration

A restart of the winbind service fixes this problem. Also, during this, the
winbindd log shows an error regarding DCERPC_FAULT_ACCESS_DENIED.
So thanks to all here, apart from this issue my original problem is solved
now!
Cheers
On Thursday 05 June 2008 08:25:34 Gerald (Jerry) Carter wrote:
> Aniket Bharaswadkar wrote:
> > I already had template shell = /bin/bash in my smb.conf, and still
> > winbind was reporting the shell as /bin/false. This is the real problem.
> > Winbind seems to ignore the template shell directive from the config
> > file!!! First I tried with a manually edited file, next I configured
> > using authconfig-gtk in Fedora, both give the same results (i.e. shell
> > reported as /bin/false). I am posting my current smb.conf here.
>
> Are you absolutely sure you restarted winbindd after making
> any config changes? Also in current versions the nss_info data
> is cached for a period of "winbind cache time seconds" so you may
> need to purge winbindd_cache.tdb. Also check for any other
> caching services (e.g. nscd) outside of winbindd.
>
>
>
> cheers, jerry
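
Added example, not part of the original thread: a Python triage over the /var/log/secure pattern quoted in the post, separating sshd password failures caused by a pam_winbind backend error from ordinary ones, so that a winbindd outage is not counted as a burst of password guessing. The first four sample lines are the post's entries unwrapped; the last line (exampleuser, 192.0.2.10) is constructed, and the function name `triage` is hypothetical.

```python
import re

# First four lines are the /var/log/secure entries from the post, unwrapped.
# The last line (exampleuser, 192.0.2.10) is constructed for contrast.
SAMPLE = """\
Jun 5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): pam_winbind_request: read from socket failed!
Jun 5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): internal module error (retval = 3, user = 'abhinan')
Jun 5 16:06:24 mymachine sshd[15223]: Failed password for abhinan from 129.219.249.116 port 50991 ssh2
Jun 5 16:06:24 mymachine sshd[15224]: fatal: Access denied for user abhinan by PAM account configuration
Jun 5 16:09:02 mymachine sshd[15301]: Failed password for exampleuser from 192.0.2.10 port 40112 ssh2
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
# pam_winbind messages that mean the module could not talk to winbindd.
BACKEND_ERRORS = ("read from socket failed", "internal module error")


def triage(text):
    """Return (user, source, verdict) for every sshd 'Failed password' line.

    Hypothetical helper: a failure is 'winbind_backend_error' when the same
    sshd PID also logged a pam_winbind backend error, else 'auth_failure'.
    """
    broken_pids, failures = set(), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("pam_winbind(") and any(e in msg for e in BACKEND_ERRORS):
            broken_pids.add(pid)
        f = FAILED.match(msg)
        if f:
            failures.append((pid, f.group(1), f.group(2)))
    # Verdicts are assigned after all lines are read, so the order of
    # messages within one PID does not matter.
    return [(user, src, "winbind_backend_error" if pid in broken_pids else "auth_failure")
            for pid, user, src in failures]


if __name__ == "__main__":
    for user, src, verdict in triage(SAMPLE):
        print(f"{verdict:22} user={user} from={src}")
```
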