Hi, I have attached a pam.conf file for Solaris 9.
I had to re-create the file. It has been tested for telnet,rlogin and ftp using winbind for 3.0.1 as a W2003 Server member. /Patrik On Mon, 2004-01-19 at 15:45, Ganguly, Sapan wrote: > Patrik, > > Hello! I have been waiting for you to get back, you may be able to help me. > I am having trouble making winbind work with Solaris 9. I was wondering if > you could post a copy of your pam.conf again so that I can double check that > I have a correct copy of it? > > The problem I am having is that when I try to log in with an NT username and > password the login process hangs after I put the password in. I don't know > why this happens because getent works. I decided to log what is going on in > PAM, here is what I got - > > Jan 14 13:29:55 sun001 pam_winbind[15352]: [ID 571141 auth.debug] > libpam_winbind:pam_sm_close_sessio > n handler > Jan 14 13:29:59 sun001 login: [ID 634615 auth.debug] > pam_authtok_get:pam_sm_authenticate: flags = 0 Jan 14 13:30:05 sun001 login: > [ID 378613 auth.debug] pam_dhkeys: user ganguly not found Jan 14 13:30:05 > sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering > pam_sm_authenticate() Jan 14 13:30:05 sun001 login: [ID 219349 auth.debug] > pam_unix_auth: user ganguly not found Jan 14 13:30:05 sun001 > pam_winbind[15369]: [ID 572310 auth.info] Verify user `ganguly' Jan 14 > 13:30:05 sun001 pam_winbind[15369]: [ID 614614 auth.notice] user 'ganguly' > granted acces Jan 14 13:30:05 sun001 login[15369]: [ID 509786 auth.debug] > roles pam_sm_authenticate, service = tel net user = ganguly ruser = not set > rhost = 192.168.224.90 > > Thanks for any help you can offer! > > Sapan > > -----Original Message----- > From: Patrik Gustavsson [mailto:[EMAIL PROTECTED] > Sent: 19 January 2004 14:39 > To: Unix Service (ANTS) > Cc: '[EMAIL PROTECTED]' > Subject: Re: [Samba] winbind and Solaris 9 with AD > > > Hi, > > I have the following libraries and links in /usr/lib and > it works: > > libnss_winbind.so > libnss_winbind.so.1 -> libnss_winbind.so > nss_winbind.so.1 -> libnss_winbind.so > > /Patrik > On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote: > > Hi > > > > have been trying to get winbind working on Solaris 9 but to no effect. > > > > version info: > > > > samba: 3.0.0 > > openldap: 2.1.23 > > kerberos: MIT 1.3.1 > > > > Have followed the instructions in every howto, usenet posting I could > > find: > > > > nscd not running > > created relevant links in /lib and /lib/security/sparcv9 applied patch > > for nsswitch as recommended > > > > kinit -e works > > net ads join works > > wbinfo -t works > > wbinfo -u gives list of all users in all trusted domains getent > > doesn't work samba authentication doesn't work - get the following in > > winbindd.log: > > > > [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379) > > NTLM CRAP authentication for user [DEV]\[test7] returned > > NT_STATUS_OK (PAM: 0) [2004/01/19 10:59:27, 3] > > nsswitch/winbindd_acct.c:(875) > > [ 3551]: create_user: user=>(test7), group=>() > > [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521) > > wb_getgrnam: Did not find group (nobody) > > > > my smb.conf is: > > > > workgroup = DEV > > #workgroup = DEV.ANTS.AD.ANPLC.CO.UK > > realm = DEV.ANTS.AD.ANPLC.CO.UK > > security = ADS > > password server = lonsd010.dev.ants.ad.anplc.co.uk > > dns proxy = no > > idmap gid = 70000-80000 > > idmap uid = 800000-900000 > > winbind cache time = 15 > > winbind use default domain = yes > > winbind enum users = yes > > winbind enum groups = yes > > encrypt passwords = yes > > log level = 9 > > > > [temp] > > path = /tmp > > read list = @users > > > > [docs] > > path = /var/tmp/samba-3.0.0 > > read list = @users > > > > I would appreciate any pointers as to further debugging I could do or > > possible problems as being able to use winbind to deal with samba > > authentication would make life a great deal easier. > > > > > > > > > > ********************************************************************** > > ***** > > This communication (including any attachments) contains confidential > information. If you are not the intended recipient and you have received > this communication in error, you should destroy it without copying, > disclosing or otherwise using its contents. Please notify the sender > immediately of the error. > > > > Internet communications are not necessarily secure and may be > > intercepted or changed after they are sent. Abbey National Treasury > > Services plc does not accept liability for any loss you may suffer as > > a result of interception or any liability for such changes. If you > > wish to confirm the origin or content of this communication, please > > contact the sender by using an alternative means of communication. > > > > This communication does not create or modify any contract and, unless > > otherwise stated, is not intended to be contractually binding. > > > > Abbey National Treasury Services plc. Registered Office: Abbey > > National House, 2 Triton Square, Regents Place, London NW1 3AN. > Registered in England under Company Registration Number: 2338548. Regulated > by the Financial Services Authority (FSA). > > > *************************************************************************** > -- > "In a world without fences who needs Gates" > Patrik Gustavsson, Senior Technical Consultant > [EMAIL PROTECTED] Telephone: +46 60 671540 > http://glen.sweden Mobile: +46 70 3551040 > SUN MICROSYSTEMS Fax: +46 60 671550 > -------------------------------------------------------------- > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- "In a world without fences who needs Gates" Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.sweden Mobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 --------------------------------------------------------------
# #ident "@(#)pam.conf 1.20 02/01/23 SMI" # # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth sufficient pam_winbind.so.1 try_first_pass login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth sufficient pam_dhkeys.so.1 rlogin auth sufficient pam_unix_auth.so.1 rlogin auth sufficient pam_winbind.so.1 try_first_pass # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authenctication # other auth requisite pam_authtok_get.so.1 other auth sufficient pam_dhkeys.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient pam_winbind.so.1 try_first_pass # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cron account required pam_projects.so.1 cron account required pam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account required pam_projects.so.1 other account sufficient pam_unix_account.so.1 other account sufficient pam_winbind.so.1 try_first_pass # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session required pam_unix_session.so.1 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # #rlogin auth optional pam_krb5.so.1 try_first_pass #login auth optional pam_krb5.so.1 try_first_pass #other auth optional pam_krb5.so.1 try_first_pass #cron account optional pam_krb5.so.1 #other account optional pam_krb5.so.1 #other session optional pam_krb5.so.1 #other password optional pam_krb5.so.1 try_first_pass
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
