[Samba] Problem with pam-auth and winbind

pk10 at ksiaznica.torun.pl pk10 at ksiaznica.torun.pl
Thu Mar 24 06:45:04 MDT 2011


Hi
I try to use windbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind

when I try logon from my console to dovecot (pop3 server):
# telnet komp14 110
Trying 10.10.10.38...
Connected to komp.xxx.xxx (10.10.10.38).
Escape character is '^]'.
+OK Dovecot ready.
user tt1
+OK
pass xxxxxxxxx
-ERR Authentication failed.
quit
+OK Logging out
Connection closed by foreign host.

Of course password is corret becouse
#wbinfo -K tt1
Enter tt1's password:
plaintext kerberos password authentication for [tt1] succeeded (requesting
cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
In the logs files I can find coresponding to the telnet command to dovecot:
/var/log/auth.log
Mar 23 10:37:50 komp14 dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
tt1 rhost=10.10.10.38  user=tt1
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] ENTER: pam_sm_authenticate (flags: 0x0000)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_SERVICE) = "dovecot" (0x15c
fe00)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_USER) = "tt1" (0x15cfe20)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_TTY) = "dovecot" (0x15cbfa0
)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RHOST) = "10.10.10.38" (0x1
5cbf60)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RUSER) = "tt1" (0x15cbf80)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_AUTHTOK) = 0x15cc070
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_CONV) = 0x15cfe40
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): getting
password (0x00001011)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth):
pam_get_item returned a password
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): Verify
user 'tt1'
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): request
wbcLogonUser succeeded
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): user 'tt1'
granted access
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): Returned
user was 'tt1'
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] LEAVE: pam_sm_authenticate returning 0 (PAM
_SUCCESS)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_SERVICE) = "dovecot" (0x15c
fe00)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_USER) = "tt1" (0x15d6d30)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_TTY) = "dovecot" (0x15cbfa0
)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RHOST) = "10.10.10.38" (0x1
5cbf60)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RUSER) = "tt1" (0x15cbf80)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_AUTHTOK) = 0x15cc070
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_CONV) = 0x15cfe40
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: DATA(PAM_WINBIND_LOGONSERVER) = "WBP
4" (0x15d6ed0)
Mar 23 10:37:50 komp14 dovecot-auth: PAM [pamh: 0x15cfc80] CLEAN: cleaning
up PAM data 0x15d6ed0 (error_status = 7)

but in dovecot log file /var/log/dovecot/info.log we have
Mar 23 10:37:50 pop3-login: Info: Aborted login (auth failed, 1 attempts):
user=<tt1>, method=PLAIN, rip=10.10.10.38, lip=10.10.10.38, secured
I'll be apreciate for any hints.
but in dovecot error log file /var/log/dovecot/error.log we have information:
Mar 23 10:37:50 auth-worker(default): Error: pam(tt1,10.10.10.38):
pam_acct_mgmt() failed: Authentication failure

This test was done with windbindd Version 3.5.3.
When I test it on another machine with windbind Version 3.0.24 (config
file are the same) authentication prosess is done properly.
Any HINTS????





More information about the samba mailing list