[Samba] winbind authentification trouble

Dale Schroeder dale at BriannasSaladDressing.com
Thu Sep 9 11:50:46 MDT 2010 

  Stefan,

I used the pam settings from this article as a starting point.
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1

It places the directives in the login file instead of common-auth.  
Otherwise, the basic
differences are that I have "sufficient" on both; the order is reversed; 
and use_first_pass
option is applied to pam_unix.so.

Adapt as necessary for your environment.

Dale


On 09/09/2010 9:22 AM, Stefan Froehlich wrote:
> A Debian/Lenny-Server is connected to a PDC (using samba) and tries to
> authenticate logins via pam_winbind. User mapping and everything else
> needed works fine (i.e. especially getent shows all the accounts),
> however remote logins of domain users fail. I have:
>
> | gatekeeper:~# cat /etc/pam.d/common-auth
> | [...]
> | auth    sufficient      pam_unix.so nullok_secure
> | auth    required        pam_winbind.so debug use_first_pass
>
> and (limited to the winbind-relevant entries) in the smb.conf:
>
> | workgroup = [...]
> | netbios name = [...]
> | os level = 0
> | preferred master = no
> | domain master = no
> | local master = no
> | security = domain
> | wins support = no
> | wins server = [...]
> | password server = [...]
> | passdb backend = tdbsam
> | obey pam restrictions = yes
> | idmap uid = 10000-20000
> | idmap gid = 10000-20000
> | template shell = /bin/bash
> | winbind enum groups = yes
> | winbind enum users = yes
> | winbind use default domain = yes
>
>
> and if someone tries to login, I get:
>
> | [...] sshd[19524]: pam_winbind(sshd:auth): [pamh: 0x7f4a5dd15040] ENTER: pam_sm_authenticate (flags: 0x0001)
> | [...] sshd[19524]: pam_winbind(sshd:auth): getting password (0x00000011)
> | [...] sshd[19524]: pam_winbind(sshd:auth): pam_get_item returned a password
> | [...] sshd[19524]: pam_winbind(sshd:auth): Verify user 'sfroehli'
> | [...] sshd[19524]: pam_winbind(sshd:auth): request failed: Invalid parameter, PAM error was System error (4), NT error was NT_STATUS_INVALID_PARAMETER
> | [...] sshd[19524]: pam_winbind(sshd:auth): internal module error (retval = 4, user = 'sfroehli')
> | [...] sshd[19524]: pam_winbind(sshd:auth): [pamh: 0x7f4a5dd15040] LEAVE: pam_sm_authenticate returning 4
> | [...] sshd[19524]: Failed password for sfroehli from 192.168.1.245 port 49078 ssh2
>
> Sounds to me like "almost working, but not quite". Looking for a solution on
> the net only brought up an IRC-log of the samba developers which is not really
> enlightening to me (plus a german clone of this posting sent by me a few days
> ago).
>
> The problem is, I do not even know where to start looking for an error (which I
> assume had been made by me at some place, as this is not such an uncommon
> setting).
>
> Any ideas?
>
> Ciao,
> Stefan

More information about the samba mailing list