[Samba] PAM Offline Authentication in Ubuntu 22.04
Marco Gaiarin
gaio at lilliput.linux.it
Fri Jul 7 12:45:58 UTC 2023
Mandi! Rowland Penny via samba
In chel di` si favelave...
> So put it into short terms, using the 'ad' idmap backend gives nothing
> but problems when 'winbind offline logon' is used, but (for myself)
> absolutely no problems if the 'rid' idmap backend is used.
I can confirm that. Switching to RID backand work as expected.
Only a little note: for some reason i can logon in console and SSH but not
in GDM;
Jul 7 14:34:02 dane gdm-password]: pam_unix(gdm-password:session): session closed for user gaio
Jul 7 14:34:02 dane gdm-password]: pam_winbind(gdm-password:setcred): user 'gaio' OK
Jul 7 14:34:02 dane systemd-logind[1198]: Session 4 logged out. Waiting for processes to exit.
Jul 7 14:34:02 dane systemd-logind[1198]: Removed session 4.
Jul 7 14:34:28 dane login[2867]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost= user=root
Jul 7 14:34:28 dane login[2867]: pam_winbind(login:auth): getting password (0x00000388)
Jul 7 14:34:28 dane login[2867]: pam_winbind(login:auth): pam_get_item returned a password
Jul 7 14:34:28 dane login[2867]: pam_winbind(login:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: The specified account does not exist.
Jul 7 14:35:01 dane CRON[3567]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jul 7 14:35:01 dane CRON[3567]: pam_unix(cron:session): session closed for user root
Jul 7 14:35:06 dane sshd[3571]: pam_krb5(sshd:auth): authentication failure; logname=gaio uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jul 7 14:35:06 dane sshd[3571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=gaio
Jul 7 14:35:06 dane sshd[3571]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 7 14:35:06 dane sshd[3571]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 7 14:35:06 dane sshd[3571]: pam_winbind(sshd:auth): user 'gaio' granted access
Jul 7 14:35:07 dane sshd[3571]: Accepted password for gaio from 127.0.0.1 port 39200 ssh2
Jul 7 14:35:07 dane sshd[3571]: pam_unix(sshd:session): session opened for user gaio(uid=11105) by (uid=0)
Jul 7 14:35:07 dane systemd-logind[1198]: New session 8 of user gaio.
Jul 7 14:35:07 dane systemd: pam_unix(systemd-user:session): session opened for user gaio(uid=11105) by (uid=0)
Jul 7 14:35:09 dane sshd[3787]: Received disconnect from 127.0.0.1 port 39200:11: disconnected by user
Jul 7 14:35:09 dane sshd[3787]: Disconnected from user gaio 127.0.0.1 port 39200
Jul 7 14:35:09 dane sshd[3571]: pam_unix(sshd:session): session closed for user gaio
Jul 7 14:35:09 dane sshd[3571]: pam_winbind(sshd:setcred): user 'gaio' OK
Jul 7 14:35:09 dane systemd-logind[1198]: Session 8 logged out. Waiting for processes to exit.
Jul 7 14:35:09 dane systemd-logind[1198]: Removed session 8.
but probably there's some glitches somewhere, Oh, ok, found. What a jerk.
UID/GID was still the rfc2307 ones. ;-)
But still this lead me to some question:
1) this is a BUG?
2) this is a regression? Older versions of Samba worked in the same
laptop...
Someone can (try to) explain? Thanks.
--
Siamo circondati da troppa gente piena di sé. E a quelli pieni di sé,
io preferisco le persone piene di se, di ma, di forse. (Tonio Dell'Olio)
More information about the samba
mailing list