[Samba] Problem with Login Shell in User Information using Winbind

Aniket Bharaswadkar aniketvb85 at gmail.com
Fri Jun 6 00:08:35 GMT 2008 

Ok I got around the problem of /bin/false shell ! I rechecked all the configs 
and joined the machines to to domain again using 

net join ads -w asurite -U Administrator -S <server-name>

and it showed proper login shell in getent output! So users can login now, and 
thanks to Philipoff's excellent suggestion, I have given ssh access only to 
admins group using pam_succeed_if.so 

Only issue now is , intermittently winbind seems to die and getent produces no 
output , and users cannot login , the /var/log/secure entries are 

Jun  5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): 
pam_winbind_request: read from socket failed!                             
Jun  5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): internal 
module error (retval = 3, user = 'abhinan')                     
Jun  5 16:06:24 mymachine sshd[15223]: Failed password for abhinan from 
129.219.249.116 port 50991 ssh2                                    
Jun  5 16:06:24 mymachine sshd[15224]: fatal: Access denied for user abhinan 
by PAM account configuration             

A restart of winbind service fixes this problem. Also during this, the 
winbindd log shows error regarding DCERPC_FAULT_ACCESS_DENIED . 

So thanks to all here, apart from this issue my original problem is solved 
now! 

Cheers

On Thursday 05 June 2008 08:25:34 Gerald (Jerry) Carter wrote:
> Aniket Bharaswadkar wrote:
> > I already had template shell = /bin/bash in my smb.conf, and still
> > winbind was reporting the shell as /bin/false. This is the real problem.
> > Winbind seems to ignore the template shell directive from the config
> > file!!! First I tried with a manually edited file, next I configured
> > using authconfig-gtk in fedora, both give same  results (ie shell
> > reported as /bin/false. I am posting my current smb.conf here.
>
> Are you absolutely sure you restarted winbindd after making
> any config changes?  Also in current versions the nss_info data
> is cached for a period of "winbind cache time seconds" so you may
> need to purge winbindd_cache.tdb.  Also check for any other
> caching services (e.g. nscd) outside of winbindd.
>
>
>
> cheers, jerry

More information about the samba mailing list