Hi,

I've read through some of the posts and can't see an answer to my query so I'm 
throwing it here :)

GOAL: To use Winbind to authenticate users against directory, for Console Login, 
GDM, SSH etc.

While this has been somewhat successful, there are a few errors that I would 
like to remove (if possible).

Firstly :

When I ssh with an AD user all appears to log in ok, except the ssh client in 
Windows throws up 'Enter your Authentication Response', and in the syslog there 
are 2 entries :

pam_winbind[12657]: user 'bill' granted access
pam_winbind[12657]: user 'bill' granted access
sshd[12714]: Accepted keyboard-interactive/pam for bill from xx.xx.xx.xx port 1423 ssh2
sshd(pam_unix)[12720]: session opened for user bill by (uid=0)


Shouldn't there just be one pam_winbind entry?

Secondly :

When I ssh with a non-AD user, such as root, Windows still throws up 'Enter your 
Authentication Response', and in the syslog, the following :

pam_winbind[12682]: request failed: No such user, PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
pam_winbind[12682]: user 'root' granted access
sshd[12677]: Accepted keyboard-interactive/pam for root from xx.xx.xx.xx port 1413 ssh2
sshd(pam_unix)[12683]: session opened for user root by root(uid=0)

Now, although it did indeed log my root user in, I'm baffled as to why winbind 
even attempted to look in the AD. In the nsswitch.conf (below) it clearly 
states COMPAT WINBIND, which I took to mean that it would look in files 
first (e.g. passwd/group) and then winbind would query the AD, but clearly this 
error states otherwise.

# /etc/nsswitch.conf:

passwd:      compat winbind
shadow:      compat
group:       compat winbind

# /etc/pam/sshd

#%PAM-1.0

auth       required     pam_stack.so service=system-auth-winbind 
auth       required     pam_shells.so
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth-winbind
password   required     pam_stack.so service=system-auth-winbind
session    required     pam_stack.so service=system-auth-winbind

# /etc/pam/system-auth-winbind
#%PAM-1.0

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

#session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

Any pointers or direct help would be gratefully received.

Thanks

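The PAM stack order quoted above, as an added example that is not part of the original post: a small Python model of how `required` and `sufficient` lines are evaluated. It shows that pam_winbind is called in both the auth and account groups, and ahead of pam_unix, because PAM module order is set by the stack file while nsswitch.conf only governs name lookups. The helper names and the per-module results (BILL, ROOT, ACCOUNT_OK) are assumptions constructed to match the syslog excerpts.

```python
# Added example, not from the original post: walk the auth and account
# lines of the system-auth-winbind stack quoted above.
STACK = """\
auth     required    /lib/security/pam_env.so
auth     sufficient  /lib/security/pam_winbind.so
auth     sufficient  /lib/security/pam_unix.so likeauth nullok use_first_pass
auth     required    /lib/security/pam_deny.so
account  sufficient  /lib/security/pam_winbind.so
account  required    /lib/security/pam_unix.so
"""

def parse(text):
    """Return (type, control, module) for each non-comment stack line."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            module = fields[2].rsplit("/", 1)[-1].replace(".so", "")
            rules.append((fields[0], fields[1], module))
    return rules

def run(rules, mtype, outcome):
    """Evaluate one management group; return (granted, modules called)."""
    called, failed = [], False
    for rtype, control, module in rules:
        if rtype != mtype:
            continue
        called.append(module)
        ok = outcome[module]
        if control == "sufficient" and ok and not failed:
            return True, called   # success ends the walk immediately
        if control == "required" and not ok:
            failed = True         # recorded; later modules still run
        # a failing 'sufficient' module is ignored and the walk continues
    return not failed, called

# Assumed per-module results (constructed to match the syslog excerpts):
# 'bill' exists only in AD, 'root' only in the local files.
BILL = {"pam_env": True, "pam_winbind": True, "pam_unix": False, "pam_deny": False}
ROOT = {"pam_env": True, "pam_winbind": False, "pam_unix": True, "pam_deny": False}
ACCOUNT_OK = {"pam_winbind": True, "pam_unix": True}  # assumed for both users

if __name__ == "__main__":
    rules = parse(STACK)
    for name, auth in (("bill", BILL), ("root", ROOT)):
        print(name, "auth:", run(rules, "auth", auth))
        print(name, "account:", run(rules, "account", ACCOUNT_OK))
```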