On Mon, 2010-01-18 at 16:33 +0100, Kris Kaido wrote: > Hi List, > > I'm installing a Samba server with the intended purpose of serving files to > Windows users with seamless authentication on the smb server. > For that, I've been reading and following every single google search result > regarding the subject, but it seems I'm stuck at some point where other > people are not blocked ... > > To summarize, I have these commands OK: > # kinit [email protected] > # klist (ticket ok) > # net join ads -S server -U admin_user > # wbinfo -u and -g (both showing "DOMAIN\...") > # wbinfo -t (succeeded) > > I configured PAM to use winbind, and to test it I'm using ssh with the same > config as I will for samba > > Here's what I get when I try to ssh into my smb server using my AD > credentials: > Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): getting password > (0x00000000) > Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): request failed: > Named pipe dicconnected, PAM error was System error (4), NT error was > NT_STATUS_PIPE_DISCONNECTED > Jan 18 15:34:18 smb sshd[9157]: pam_winbind(sshd:auth): internal module > error (retval = 4, user = 'DOMAIN\myusername') > Jan 18 15:34:18 smb sshd[9157]: pam_unix(sshd:auth): authentication failure; > logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.6 > user= DOMAIN\myusername > Jan 18 15:34:20 smb sshd[9157]: Failed password for DOMAIN\myusername from > 192.168.5.6 port 50872 ssh2 > > Any idea on what this error (NT_STATUS...) means ? > > Also when trying this I get an error: > smb:~# wbinfo -a admin_user%admin_pwd > plaintext password authentication failed > Could not authenticate user henry_admin with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_PIPE_DISCONNECTED (0xc00000b0) > error messsage was: Named pipe dicconnected > Could not authenticate user admin_user with challenge/response > smb:~# > > Here's my PAM config: > auth sufficient pam_winbind.so > auth required pam_unix.so use_first_pass > account sufficient pam_winbind.so > account required pam_unix.so > session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 > session sufficient pam_winbind.so > session required pam_unix.so > password requisite pam_cracklib.so retry=3 type= > password sufficient pam_unix.so nullok use_authtok md5 shadow > password sufficient pam_winbind.so use_first_pass > password required pam_deny.so > > Any help would be greatly appreciated. > > Thanks, > > k.
Two things. 1 - make sure nscd is disabled (not just stopped - disable it to prevent restarting on the next reboot) 2 - I found that using "winbind use default domain = yes" caused a lot of my default authentication issues to go away. I only have one domain and so I don't need the extra information / complexity of having to specify domains. Regards, Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
