Greg Albrecht
2005-Jul-28 16:58 UTC
[Samba] using pam_winbind to authenticate against AD/krb
hey all,
after following the directions in the
"FreeBSD Active Directory Domain Member Mini-HOWTO"
http://web.irtnog.org/howtos/freebsd/winbind

i am able to get my machine to the point where i can query users with
'wbinfo':

$ wbinfo -u|grep galbrecht
galbrecht

i am unable, however, to login to my machine using any service, telnet
for example:

$ telnet -K localhost
Connected to localhost
FreeBSD/i386 (albany.undef.net) (ttyp7)
login: galbrecht
Password: ******
login:

my /var/log/messages shows:
... albany pam_winbind[15753]: user 'galbrecht' granted access
... albany login[15753]: pam_acct_mgmt(): error in service module

if i attempt to login with a username that does not exist, in either ad
or local pwd, /var/log/messages shows:
... albany pam_winbind[15825]: request failed: No such user, PAM error was 13, NT error was NT_STATUS_NO_SUCH_USER
... albany pam_winbind[15825]: user `greg' not found

i've attempted to enable debugging with pam_winbind in my
/etc/pam.d/system configuration, which doesn't seem to have an effect,
but i've done a -d10 dump, if that would be useful to anyone.

save for my domain, my configuration matches that of the webpage cited
above.

any ideas?

-g

--
Greg Albrecht (gba@undef.net) * -0700 GMT/UTC http://undef.net * +1 213 447 3089
Greg Albrecht
2005-Jul-28 18:22 UTC
[Samba] using pam_winbind to authenticate against AD/krb - solved
problem solved, in the howto there was this line in smb.conf:

idmap backend = idmap_rid:IRTNOG=10000-100000

which i didn't realize was specific to IRTNOG's domain, i changed it to
my domain, restarted samba/winbindd, and everything works.

-g

Greg Albrecht wrote:
> hey all,
> after following the directions in the
> "FreeBSD Active Directory Domain Member Mini-HOWTO"
> http://web.irtnog.org/howtos/freebsd/winbind
>
> i am able to get my machine to the point where i can query users with
> 'wbinfo':
>
> $ wbinfo -u|grep galbrecht
> galbrecht
>
> i am unable, however, to login to my machine using any service, telnet
> for example:
>
> $ telnet -K localhost
> Connected to localhost
> FreeBSD/i386 (albany.undef.net) (ttyp7)
> login: galbrecht
> Password: ******
> login:
>
> my /var/log/messages shows:
> ... albany pam_winbind[15753]: user 'galbrecht' granted access
> ... albany login[15753]: pam_acct_mgmt(): error in service module
>
> if i attempt to login with a username that does not exist, in either ad
> or local pwd, /var/log/messages shows:
> ... albany pam_winbind[15825]: request failed: No such user, PAM error
> was 13, NT error was NT_STATUS_NO_SUCH_USER
> ... albany pam_winbind[15825]: user `greg' not found
>
> i've attempted to enable debugging with pam_winbind in my
> /etc/pam.d/system configuration, which doesn't seem to have an effect,
> but i've done a -d10 dump, if that would be useful to anyone.
>
> save for my domain, my configuration matches that of the webpage cited
> above.
>
> any ideas?
>
> -g
>

--
Greg Albrecht (gba@undef.net) * -0700 GMT/UTC http://undef.net * +1 213 447 3089
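
A check for the mismatch described in the message above, as an added example that is not part of the original thread or of the HOWTO. It assumes the host's own domain short name is the smb.conf "workgroup" value; EXAMPLE and both sample configs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. EXAMPLE is a constructed domain name; both configs are constructed.
# Print the value of parameter $1 from smb.conf text on stdin (first match wins).
# Parameter names are matched case-insensitively, ignoring whitespace.
smbconf_get() {
    awk -v want="$1" '
        BEGIN { w = tolower(want); gsub(/[ \t]/, "", w) }
        /^[ \t]*[#;]/ { next }                 # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section header or blank line
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)
            if (key != w) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            print val; exit
        }'
}

# Return 0 if the idmap_rid domain equals the workgroup, 1 on mismatch,
# 2 if either setting is missing. Prints one diagnostic line.
check_idmap_rid() {
    conf=$1
    wg=$(printf '%s\n' "$conf" | smbconf_get "workgroup")
    backend=$(printf '%s\n' "$conf" | smbconf_get "idmap backend")
    case $backend in
        idmap_rid:*=*) ;;
        *) echo "no idmap_rid mapping found"; return 2 ;;
    esac
    [ -n "$wg" ] || { echo "no workgroup set"; return 2; }
    rid_dom=${backend#idmap_rid:}              # drop the backend name
    rid_dom=${rid_dom%%=*}                     # keep the domain before "=range"
    if [ "$(echo "$rid_dom" | tr a-z A-Z)" = "$(echo "$wg" | tr a-z A-Z)" ]; then
        echo "ok: idmap_rid maps $rid_dom"; return 0
    fi
    echo "mismatch: idmap_rid maps $rid_dom but workgroup is $wg"; return 1
}

# The HOWTO line copied unchanged onto a host whose domain is EXAMPLE.
COPIED_CONF='[global]
   workgroup = EXAMPLE
   idmap backend = idmap_rid:IRTNOG=10000-100000'
# The same config after changing the mapping to the host's own domain.
FIXED_CONF='[global]
   workgroup = EXAMPLE
   idmap backend = idmap_rid:EXAMPLE=10000-100000'
check_idmap_rid "$COPIED_CONF" || true
check_idmap_rid "$FIXED_CONF"
```

To check a real file, pass its contents: check_idmap_rid "$(cat /path/to/smb.conf)".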