[Samba] samba winbind pam problem

[Matt Glover]

The specs:

Fedora Core 1
samba-3.0.7-2.FC1
openssh-3.6.1p2-19
pam-0.77-15

The details:

SAMBA is installed
computer is connected to the a Windows 2000 domain
wbinfo -u / -g / -t all give the desired results
getent passwd lists domain users

/etc/pam.d/sshd:

auth   sufficient   pam_winbind.so
auth   required pam_stack.so service=system-auth
auth   required pam_nologin.so
accountsufficient   pam_winbind.so
accountrequired pam_stack.so service=system-auth
password   sufficient   pam_winbind.so use_authtok
password   required pam_stack.so service=system-auth
sessionrequired pam_stack.so service=system-auth
#sessionrequired pam_limits.so
#sessionoptional pam_console.so

/etc/pam.d/system-auth:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired  /lib/security/$ISA/pam_env.so
authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
authrequired  /lib/security/$ISA/pam_deny.so

account required  /lib/security/$ISA/pam_unix.so

passwordrequired  /lib/security/$ISA/pam_cracklib.so retry=3 type=
passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
passwordrequired  /lib/security/$ISA/pam_deny.so

session required  /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel uma
sk=0022
session required  /lib/security/$ISA/pam_limits.so
session required  /lib/security/$ISA/pam_unix.so


The problem:

If I try to log in through ssh the messages log file shows I have been
granted access but the ssh session shows I have been disconnected from
the server.  The secure log shows:

Mar  9 11:10:43 webb sshd[2315]: Accepted password for matt from
1xx.2xx.1x.1xx port 1022
Mar  9 11:10:43 webb sshd[2317]: fatal: PAM session setup failed[6]:
Permission denied

Now if I create a directory in /export/httpd/users/ called matt I can
log in with no problem.  If I change the permissions on the
/export/httpd/users/ directory to 777 I can log in with no problem. 
So obviously pam_mkhomedir.so isn't being run with the correct
permissions.  I don't want to have to generate directories for each
user in our AD so hopefully someone can point out what I am missing. 
As a test I set up another machine running Core3 with a standard
install and it worked without a hitch.  I have compared the files
between the two systems and everything looks about the same  Any
help would be greatly appreciated!

 matt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba/Winbind/PAM

[John Simovic]

Hi there. I have Samba 2.28 configured. wbinof returns all users and groups in the 
domain. I can getent passwd and everything works fine. But I cannot login using RH 9. 
My /etc/pam.d/login file is
authrequired /lib/security/pam_securetty.so
authrequired /lib/security/pam_nologin.so
authsufficient   /lib/security/pam_winbind.so
authrequired /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
#accountrequired /lib/security/pam_stack.so service=system-auth
passwordrequired /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_console.so

Is there anything I am missing here or do I have to edit other pam files as well? 
Regards.

**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba