It looks like I've gotten the majority of things working in regards to Winbind. Users are being authenticated by the NT4 PDC when connecting to shares, but I can't seem to get things set up correctly to allow logging in via SSH (OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f). It appears as though I'm successfully authenticated by the PDC, but then the connection is immediately closed.

(I'm running Mandrake Linux v9.2 and Samba Version 3.0.1pre3.)

[testuser@linuxsmb testuser]$ ssh -lTESTDOM.COM\\testuser linuxsmb
TESTDOM.COM\testuser@linuxsmb's password:
Last login: Fri Nov 21 08:40:09 2003 from linuxsmb.TESTDOM.COM
Connection to linuxsmb closed.
[testuser@linuxsmb testuser]$ ssh -lTESTDOM.COM\\testuser linuxsmb
TESTDOM.COM\testuser@linuxsmb's password:
Last login: Fri Nov 21 08:40:44 2003 from linuxsmb.TESTDOM.COM
Connection to linuxsmb closed.

Here you can see by the "Last Login:" that is displayed, that I am being authenticated when I try connecting via ssh 2 times back to back:

Here's a smbclient session being authenticated via the NT PDC:

[testuser@linuxsmb testuser]$ smbclient //linuxsmb/testuser -UTESTDOM.COM\\testuser -c 'ls *.txt'
Password:

SSD55287.txt 41401 Fri Nov 7 04:36:57 2003
New Text Document.txt A 0 Thu Nov 20 15:08:26 2003

64860 blocks of size 32768. 63759 blocks available

So it appears that things are working ??

When I try connecting via SSH, no dice. *sigh*

Here's a snippet from my /var/log/auth.log

Nov 21 08:34:52 linuxsmb pam_winbind[2842]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD
Nov 21 08:34:52 linuxsmb pam_winbind[2842]: user `TESTDOM.COM\testuser' denied access (incorrect password)
Nov 21 08:34:52 linuxsmb sshd(pam_unix)[2842]: check pass; user unknown
Nov 21 08:34:52 linuxsmb sshd(pam_unix)[2842]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=linuxsmb.TESTDOM.COM
Nov 21 08:34:57 linuxsmb pam_winbind[2842]: user 'TESTDOM.COM\testuser' granted acces
Nov 21 08:34:57 linuxsmb pam_winbind[2842]: user 'TESTDOM.COM\testuser' granted acces
Nov 21 08:34:57 linuxsmb sshd[2842]: Accepted password for TESTDOM.COM\\testuser from 198.246.197.240 port 32810 ssh2

/etc/pam.d/sshd

auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass shadow
auth required pam_env.so # [1]

account sufficient pam_winbind.so
account required pam_unix.so use_first_pass

session sufficient pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so

password required pam_unix.so

What am I missing here or doing wrong? Not sure if any other settings are relevant, and hate blasting the list with a bunch of useless/unwanted text.

Any help/suggestions/insight would be greatly appreciated.

Best Regards,
-=tim

Buchan Milne
2003-Nov-25 12:20 UTC
[Samba] Winbindd and SSH (just disconnects after login)
> Message: 7
> Date: Fri, 21 Nov 2003 09:06:50 -0600
> From: "sambalists" <sambalists@rineco.com>
> Subject: [Samba] Winbindd and SSH (just disconnects after login)
> To: <samba@lists.samba.org>
> Message-ID: <001001c3b041$17732210$b1c5f6c6@tjbxp>
> Content-Type: text/plain; charset="iso-8859-1"
>
> It looks like I've gotten the majority of things working in regards to
> Winbind. Users are being authenticated by the NT4 PDC when connecting to
> shares, but I can't seem to get things set up correctly to allow logging in
> via SSH(OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f). It
> appears as though I'm successfully authenticated by the PDC, but then the
> connection is immediately closed.
>
> (I'm running Mandrake Linux v9.2 and Samba Version 3.0.1pre3.)
>
> [testuser@linuxsmb testuser]$ ssh -lTESTDOM.COM\\testuser linuxsmb
> TESTDOM.COM\testuser@linuxsmb's password:
> Last login: Fri Nov 21 08:40:09 2003 from linuxsmb.TESTDOM.COM
> Connection to linuxsmb closed.
> [testuser@linuxsmb testuser]$ ssh -lTESTDOM.COM\\testuser linuxsmb
> TESTDOM.COM\testuser@linuxsmb's password:
> Last login: Fri Nov 21 08:40:44 2003 from linuxsmb.TESTDOM.COM
> Connection to linuxsmb closed.
> Here you can see by the "Last Login:" that is displayed, that I am being
> authenticated when I try connecting via ssh 2 times back to back:
>
> Here's a smbclient session being authenticated via the NT PDC:
> [testuser@linuxsmb testuser]$ smbclient
> //linuxsmb/testuser -UTESTDOM.COM\\testuser -c 'ls *.txt'
> Password:
>
> SSD55287.txt 41401 Fri Nov 7 04:36:57 2003
> New Text Document.txt A 0 Thu Nov 20 15:08:26 2003
>
> 64860 blocks of size 32768. 63759 blocks available
>
> So it appears that things are working ??
>
> When I try connecting via SSH, no dice. *sigh*
>
> Here's a snippet from my /var/log/auth.log
> Nov 21 08:34:52 linuxsmb pam_winbind[2842]: request failed: Wrong Password,
> PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD
> Nov 21 08:34:52 linuxsmb pam_winbind[2842]: user `TESTDOM.COM\testuser'
> denied access (incorrect password)
> Nov 21 08:34:52 linuxsmb sshd(pam_unix)[2842]: check pass; user unknown
> Nov 21 08:34:52 linuxsmb sshd(pam_unix)[2842]: authentication failure;
> logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=linuxsmb.TESTDOM.COM
> Nov 21 08:34:57 linuxsmb pam_winbind[2842]: user 'TESTDOM.COM\testuser'
> granted acces
> Nov 21 08:34:57 linuxsmb pam_winbind[2842]: user 'TESTDOM.COM\testuser'
> granted acces
> Nov 21 08:34:57 linuxsmb sshd[2842]: Accepted password for
> TESTDOM.COM\\testuser from 198.246.197.240 port 32810 ssh2
>
> /etc/pam.d/sshd
> auth required pam_nologin.so
> auth sufficient pam_winbind.so
> auth required pam_unix.so use_first_pass shadow

Change this line to "try_first_pass".

> auth required pam_env.so # [1]
>
> account sufficient pam_winbind.so
> account required pam_unix.so use_first_pass

You might need "try_first_pass" here too.

>
> session sufficient pam_mkhomedir.so skel=/etc/skel umask=0022
> session required pam_unix.so
> session optional pam_lastlog.so # [1]
> session optional pam_motd.so # [1]
> session optional pam_mail.so standard noenv # [1]
> session required pam_limits.so
>
> password required pam_unix.so
>
> What am I missing here or doing wrong? Not sure if any other settings are
> relevant, and hate blasting the list with a bunch of useless/unwanted text.

OpenSSH's approach to solving the longer delay for a valid user account (account discovery bug) was to give a PAM authentication failure first for any connection (as I understand this). So, your "use_first_pass" is getting a bad password, and you aren't allowing it to prompt for a 2nd attempt.

BTW, you don't see this with public key authentication ... so the default /etc/pam.d/system-auth is broken for ssh too if you use drakauth to set up winbind :-(.

Regards,
Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
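
A small check for the pattern the reply points at, as an added example (not code from the thread, Samba or PAM): it parses the auth and account rules from the posted /etc/pam.d/sshd, flags rules carrying use_first_pass that sit behind a sufficient module of the same type, and rewrites them to try_first_pass as the reply suggests. The function names are hypothetical, and only simple control keywords are handled.

```python
# Added example, not from the thread. Rules below are the auth and account
# stacks from the /etc/pam.d/sshd posted above; helper names are hypothetical.
SSHD_PAM = """\
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass shadow
auth required pam_env.so # [1]
account sufficient pam_winbind.so
account required pam_unix.so use_first_pass
"""

def parse_pam(text):
    """Yield (lineno, type, control, module, args) for each rule line."""
    # Assumption: simple control keywords only, not the [value=action] form.
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip trailing comment
        if len(fields) >= 3:
            mtype, control, module, *args = fields
            yield lineno, mtype, control, module, args

def find_no_prompt_fallbacks(text):
    """Find use_first_pass rules placed behind a 'sufficient' module."""
    # Such a rule only runs when the sufficient module did not succeed, and
    # use_first_pass forbids it from prompting for another password.
    findings, last_sufficient = [], {}
    for lineno, mtype, control, module, args in parse_pam(text):
        if "use_first_pass" in args and mtype in last_sufficient:
            findings.append((lineno, mtype, module, last_sufficient[mtype]))
        if control == "sufficient":
            last_sufficient[mtype] = module
    return findings

def apply_reply_suggestion(text):
    """Return the rules with flagged lines switched to try_first_pass."""
    flagged = {lineno for lineno, *_ in find_no_prompt_fallbacks(text)}
    lines = text.splitlines()
    for lineno in flagged:
        lines[lineno - 1] = lines[lineno - 1].replace("use_first_pass", "try_first_pass")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for lineno, mtype, module, prev in find_no_prompt_fallbacks(SSHD_PAM):
        print(f"line {lineno}: {mtype} {module} use_first_pass follows sufficient {prev}")
    print(apply_reply_suggestion(SSHD_PAM))
```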