A Debian/Lenny-Server is connected to a PDC (using samba) and tries to authenticate logins via pam_winbind. User mapping and everything else needed works fine (i.e. especially getent shows all the accounts), however remote logins of domain users fail. I have:
| gatekeeper:~# cat /etc/pam.d/common-auth | [...] | auth sufficient pam_unix.so nullok_secure | auth required pam_winbind.so debug use_first_pass and (limited to the winbind-relevant entries) in the smb.conf: | workgroup = [...] | netbios name = [...] | os level = 0 | preferred master = no | domain master = no | local master = no | security = domain | wins support = no | wins server = [...] | password server = [...] | passdb backend = tdbsam | obey pam restrictions = yes | idmap uid = 10000-20000 | idmap gid = 10000-20000 | template shell = /bin/bash | winbind enum groups = yes | winbind enum users = yes | winbind use default domain = yes and if someone tries to login, I get: | [...] sshd[19524]: pam_winbind(sshd:auth): [pamh: 0x7f4a5dd15040] ENTER: pam_sm_authenticate (flags: 0x0001) | [...] sshd[19524]: pam_winbind(sshd:auth): getting password (0x00000011) | [...] sshd[19524]: pam_winbind(sshd:auth): pam_get_item returned a password | [...] sshd[19524]: pam_winbind(sshd:auth): Verify user 'sfroehli' | [...] sshd[19524]: pam_winbind(sshd:auth): request failed: Invalid parameter, PAM error was System error (4), NT error was NT_STATUS_INVALID_PARAMETER | [...] sshd[19524]: pam_winbind(sshd:auth): internal module error (retval = 4, user = 'sfroehli') | [...] sshd[19524]: pam_winbind(sshd:auth): [pamh: 0x7f4a5dd15040] LEAVE: pam_sm_authenticate returning 4 | [...] sshd[19524]: Failed password for sfroehli from 192.168.1.245 port 49078 ssh2 Sounds to me like "almost working, but not quite". Looking for a solution on the net only brought up an IRC-log of the samba developers which is not really enlightening to me (plus a german clone of this posting sent by me a few days ago). The problem is, I do not even know where to start looking for an error (which I assume had been made by me at some place, as this is not such an uncommon setting). Any ideas? Ciao, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
