[Samba] winbind when machine account is not allowed to read users from ad

Stefan Heß hess at isd.uni-stuttgart.de
Wed Dec 4 03:57:30 MST 2013


Hi,

Thanks for your reply.
I did some tests using different pam stacks, copied from howtos and
generated from ubuntu it self ("pam-auth-update") with and without
pam_krb5. Nothing worked.
As I started writing I wanted to copy the logs and for that I had to
rerun my different pam stacks. Suddenly the pam_krb5 config generated by
pam-auth-update worked.
I don't know what the difference was the generated pam_krb5 stack from
yesterday and the one half an hour ago?

Cheers
Stefan



Am Dienstag, den 03.12.2013, 15:30 +0100 schrieb steve:
> On Tue, 2013-12-03 at 14:08 +0100, Stefan Heß wrote:
> 
> > /var/log/auth.log:
> > 
> > login[739]: pam_unix(login:auth): check pass; user unknown
> > login[739]: pam_unix(login:auth): authentication failure; logname=LOGIN
> > uid=0 euid=0 tty=/dev/tty2 ruser= rhost=
> > login[739]: pam_winbind(login:auth): [pamh: 0x190d460] ENTER:
> > pam_sm_authenticate (flags: 0x0000)
> > login[739]: pam_winbind(login:auth): getting password (0x00004389)
> > login[739]: pam_winbind(login:auth): pam_get_item returned a password
> > login[739]: pam_winbind(login:auth): Verify user 'USER'
> > login[739]: pam_winbind(login:auth): PAM config: krb5_ccache_type 'FILE'
> > login[739]: pam_winbind(login:auth): [pamh: 0x190d460] LEAVE:
> > pam_sm_authenticate returning 10 (PAM_USER_UNKNOWN)
> > login[739]: pam_krb5(login:auth): user ------ authenticated as
> > USER at DOMAIN.NET
> > login[739]: pam_unix(login:account): could not identify user (from
> > getpwnam(USER))
> > login[739]: Authentication failure 
> > 
> > 
> > Thanks
> > Stefan
> > 
> 
> Hi
> I think your pam stack is in the wrong order or has the wrong options.
> RU allowed to post it?
> Cheers,
> Steve
> 
> 

-- 
Dipl. Ing. Stefan Heß
Arbeitsgruppe Ähnlichkeitsmechanik

Telefon: +49 (0)711 685 69532
E-Mail:  hess at isd.uni-stuttgart.de

Postadresse:
Universität Stuttgart
Institut für Statik und Dynamik der Luft- und Raumfahrtkonstruktionen
Pfaffenwaldring 31 - Zimmer 02.205
70569 Stuttgart



More information about the samba mailing list