[Samba] winbind pam trouble
lists
lists at merit.unu.edu
Mon Apr 11 18:48:55 UTC 2016
Hi,
I just upgraded my member (fileserver) server (wheezy) from sernet-4.1
to sernet-4.2, to be ready for tomorrow's badlock outbreak.
Under 4.1 we used sssd, and now 4.2 with winbind. Everything seems to be
running good: wbinfo (-p, -u, -g, -t) all give the expected results,
same for getent (group, passwd, username)
File serving works, life is good. :-)
Last step: allowing ssh access for AD users with a configured shell into
my member server -> PAM
I followed the list instructions: created the file
/usr/share/pam-configs/winbind with the content taken from the list.
Then run pam-auth-update, disabled SSS, enabled winbind. But alas...
logging in over ssh does not work, and auth.log tells me:
> Apr 11 20:18:32 filehost sshd[4884]: pam_winbind(sshd:auth): getting password (0x00000388)
> Apr 11 20:18:32 filehost sshd[4884]: pam_winbind(sshd:auth): pam_get_item returned a password
> Apr 11 20:18:32 filehost sshd[4884]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4), NTSTATUS: NT_STATUS_CONNECTION_DISCONNECTED, Error message was: The transport connection is now disconnected.
> Apr 11 20:18:32 filehost sshd[4884]: pam_winbind(sshd:auth): internal module error (retval = PAM_SYSTEM_ERR(4), user = 'username')
> Apr 11 20:18:34 filehost sshd[4884]: Failed password for username from x.y.z.88 port 49302 ssh2
Internal module error? WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4)?
Does anyone have an idea what is going on here?
MJ
More information about the samba
mailing list