[Samba] RE: windbind locks out domain account
Glenn Bailey
gbailey at terremark.com
Wed May 14 21:54:34 GMT 2008
ignore this ..
I was restricting group access via the 'auth' section instead of the 'session' section
thus causing the account to try and authenticate 4 times as I am restricting access to
4 groups, doh!
-----Original Message-----
From: samba-bounces+gbailey=terremark.com at lists.samba.org [mailto:samba-bounces+gbailey=terremark.com at lists.samba.org] On Behalf Of Glenn Bailey
Sent: Wednesday, May 14, 2008 4:02 PM
To: samba at lists.samba.org
Subject: [Samba] windbind locks out domain account
Howdy folks,
I'm having a weird issue here. I have winbind running on several other servers on our domain, and they are working fine. From what I can tell the configuration is identical, as I custom rolled my own RPM that set's all the config parameters.
What's happening is when I try to ssh to this one specific server, it seems looking at the logs it's trying to continuously authenticate off the domain with the wrong password and then locks the account out. Here's some info from the logs (names changed of course):
May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' OK May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' denied access (incorrect password or invalid membership) May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' OK May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' denied access (incorrect password or invalid membership) May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' OK May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' denied access (incorrect password or invalid membership) May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): user 'DOMAIN+user' OK May 14 16:38:52 SERVER sshd[24479]: pam_winbind(sshd): request failed: Account locked out, PAM error was Have exhasted maximum number of retries for service. (11), NT error was NT_STATUS_ACCOUNT_LOCKED_OUT
Anyone seen anything like this before? I just type in my password once, and whammmo, account locked out! ;-)
Glenn E. Bailey III
terremark worldwide
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list