I'm still unable to pinpoint this problem and am getting desperate!
It appears to be something PAM related,as winbindd authenticates the
use fine, then fails at PAM:
From /var/log/auth.log:
Apr 17 20:24:22 localhost pam_winbind[29408]: user 'STATEART+test'
granted access
at the terminal:
SPNEGO login failed: Logon failurelang_tdb_init: /usr/share/samba/
en_AU:en_US:en_GB:en.msg: No such file or directory
session setup failed: NT_STATUS_LOGON_FAILURE
From /var/log/samba/log.berthog
[2006/04/17 20:44:39, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: winbind authentication for user [test] succeeded
[2006/04/17 20:44:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/04/17 20:44:39, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx
(0) : conn_ctx_stack_ndx = 0[2006/04/17 20:44:39, 3] smbd/
sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 1
[2006/04/17 20:44:39, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)[2006/04/17 20:44:39, 5] auth/
auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary
group is 0 and contains 0 supplementary groups
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(459)
smb_pam_start: PAM: Init user: STATEART+test
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(476)
smb_pam_start: PAM: setting rhost to: 127.0.0.1
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(485)
smb_pam_start: PAM: setting tty
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_start(493)
smb_pam_start: PAM: Init passed for user: STATEART+test
[2006/04/17 20:44:39, 4] auth/pampass.c:smb_pam_account(551)
smb_pam_account: PAM: Account Management for User: STATEART+test
[2006/04/17 20:44:39, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: STATEART+test
[2006/04/17 20:44:39, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Account Check Failed : Authentication
service cannot retrieve authentication info.
[2006/04/17 20:44:39, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
STATEART+test!
Begin forwarded message:
From: Emrys Hughes <[EMAIL PROTECTED]>
Date: 9 April 2006 11:21:33 PM
To: [email protected]
Subject: Fwd: domain member server authentication problem
I still haven't been able to resolve this problem and have received
no response so I re-post.....apologies if this is bad manners.
I have tried altering /etc/pam.d/samba so it reads as follows, but
still no joy:
@include common-auth
@include common-account
@include common-session
account required /lib/security/pam_winbind.so
auth required /lib/security/pam_winbind.so
Begin forwarded message:
From: Emrys Hughes <[EMAIL PROTECTED]>
Date: 5 April 2006 8:31:04 PM
To: [email protected]
Subject: domain member server authentication problem
Hi
I'm having problems implementing a domain member server using
winbind.
I've setup a test share on the server (BERTHOG) and test user
(alex) on the PDC (RODNEY).
Winbind seems to be running fine:
berthog:/srv$ wbinfo -n alex
S-1-5-21-2502943273-132007109-1129902423-3006 User (1)
But when I try to connect to the share:
berthog:/srv$ smbclient //BERTHOG/shared -U alex
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
The machine log shows this:
[2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account
Management for User
: STATEART+alex
[2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User STATEART
+alex!
I don't believe any modifications have to be made to the PAM files
to get samba/winbind working?
Any advice would be gratefully recieved!
My smb.conf follows:
[global]
## Browsing/Identification ###
workgroup = stateart
netbios name = BERTHOG
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.2.97
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template primary group = "Domain Users"
winbind separator = +
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve
host names
# to IP addresses
name resolve order = wins bcast hosts
#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
# Do something sensible when Samba crashes: mail the admin a
backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = domain
; security = share
password server = *
domain master = no
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam guest
obey pam restrictions = yes
; guest account = nobody
invalid users = root
; unix password sync = no
load printers = no
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
############ Misc ############
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#======================= Share Definitions =======================
[shared]
path = /srv/TESTFS/shared
writeable = yes
valid users = alex
create mode = 0660
directory mode = 0770
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
