Hi All,
I am trying to get authentication against AD using
Winbind and Samba 3. We use Kerberos 5 as well. I know
that winbind is running properly because when I run
wbinfo -a, I get success messages. The problem seems
to be when I try to play with the pam modules. For
kicks, here is the pam module for sshd:
#%PAM-1.0
auth sufficient pam_winbind.so debug
auth sufficient pam_unix2.so # set_secrpc
auth required pam_nologin.so
auth required pam_env.so
account sufficient pam_winbind.so debug
account required pam_unix2.so
account required pam_nologin.so
password required pam_pwcheck.so
password required pam_unix2.so use_first_pass
use_authtok
session required pam_unix2.so none # trace or debug
session required pam_limits.so
The frustrating thing is that nothing shows up in the
logs. SInce the auth is set to sufficient above, I can
still use the service using my local credentials. This
shows up in the logfiles...it shows the pam_winbind
failing while the pam_unix2 succeeding. But when I try
to use the service with DOMAIN+username, nothing shows
up in the logs. All I get is a permission denied when
I try to use the service.
Also, I don't know if this is related, but when I run
winbindd -d 3 -i I get:
.
.
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from
secrets.tdb
Connection to LDAP Server failed for the 1 try!
LDAP search failed: Invalid credentials
Query was: , (objectclass=sambaGroupMapping)
Unable to open passdb
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
scanning trusted domain list
I don't know if these problems could be related to the
fact that we are using Krb and the PDC might not be
configured for that???? I am not familiar with the
specifics of everything yet. Any ideas?? Any help is
much appreciated.
Thanks In Advance!
Aaron
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
