On Thu, 16 Oct 2025 13:11:35 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> An ubuntu client suddenly start to reject logons:
>
> Oct 16 12:29:25 nikola sshd[2616]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser>
rhost=leia.sv.lnf.it user=gaio Oct 16 12:29:25 nikola sshd[2616]:
> pam_winbind(sshd:auth): getting password (0x00000388) Oct 16 12:29:25
> nikola sshd[2616]: pam_winbind(sshd:auth): pam_get_item returned a
> password Oct 16 12:29:25 nikola sshd[2616]: pam_winbind(sshd:auth):
> request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error:
> PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_LOGON_FAILURE, Error message
> was: Logon failure Oct 16 12:29:25 nikola sshd[2616]:
> pam_winbind(sshd:auth): user 'gaio' denied access (incorrect
password
> or invalid membership) Oct 16 12:29:27 nikola sshd[2616]: Failed
> password for gaio from 10.5.1.45 port 38046 ssh2
>
> trying to resolve, i've found in logs:
>
> Oct 16 12:14:26 nikola kernel: [ 213.681786] RPC: AUTH_GSS upcall
> failed. Please check user daemon is running. Oct 16 12:14:26 nikola
> kernel: [ 213.744119] CIFS VFS: cifs_mount failed w/return code = -6
> Oct 16 12:14:26 nikola kernel: [ 213.758326] CIFS VFS: cifs_mount
> failed w/return code = -6
-6 is 'No such device or address'
>
> the client does not use 'cifs mount', but autofs to mount via NFS
the
> home.
Okay, but something is attempting to use cifs in the kernel.
>
> PAM configuration had:
>
> #auth [success=1 default=ignore] pam_winbind.so
> krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
I take it that came from /etc/pam.d/common-auth.
Was it exactly like that, with a '#' at the beginning ?
If so, it was turned off and it should look like that, just without the
'#'.
>
> if i modify as:
> auth [success=1 default=ignore] pam_winbind.so
> cached_login try_first_pass
I would change it back, you have turned off kerberos.
The question is, if the '#' was there, who put it there ?
Rowland