Looks like you've got a typo. See below:
At 12:28 16/09/2002 +0100, Ash Green wrote:
>Hi,
>
>I've been fighting with winbind for about 3 weeks now trying to get the
>damn thing to work properly, and I'm within a gnat's whisker of
getting it
>going, but there's something I'm missing. Please - has someone got
>winbind working out there?!?!
>
>I'm running a RH 7.3, with the latest version of Samba from samba.org
>installed, and the installation included the -with-winbind flag.
>
>I can retrieve user & group lists from my NT4 PDC, but when I try to
>authenticate via wbinfo I get :
>
>[ash@LTSP ash]$ wbinfo -a DOMAIN+test%tester
>plaintext password authentication succeeded
>challenge/response password authentication failed
>Could not authenticate user DOMAIN+test%tester with challenge/response
>
>The contents of my login file (in /etc/pam.d) are :
>auth required /lib/security/pam_securetty.so
>auth required /lib/security/pam_nologin.so
>auth sufficient /lib/security/pam_winbind.so
>auth suffieient /lib/security/pam_unix.so shadow nullok
>use_first_pass
Don't know whether this is just a typo in the email but in the line above
you've got 'suffieient', surely this should be 'sufficient'.
>auth required ib/security/pam_stack.so service=system-auth.so
>account sufficient /lib/security/pam_winbind.so
>#account required /lib/security/pam_stack.so service=system-auth
>password required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_stack.so service=system-auth
>session optional /lib/security/pam_console.so
>
>The output from running /usr/sbin/winbindd -d 3 -I gives :
>
>[23640]: pam auth DOMAIN+test
>domain_client_validate: User passwords not in encrypted format.
>resolve_lmhosts: Attempting lmhosts lookup for name LATHOM<0x20>
>getlmhostsent: lmhost entry: 127.0.0.1 localhost
>resolve_hosts: Attempting host lookup for name LATHOM<0x20>
>Connecting to 10.79.24.2 at port 445
>error connecting to 10.79.24.2:445 (Connection refused)
>Connecting to 10.79.24.2 at port 139
>cli_net_req_chal: LSA Request Challenge from LATHOM to LTSP:
0F1C330505E2807F
>cred_session_key
>cred_create
>cli_net_auth2: srv:\\LATHOM acct:LTSP$ sc:2 mc: LTSP chal 616462812AF3EF3C
>neg:
>1ff
>cred_create
>cred_assert
>cred_create
>cli_net_sam_logon_internal: srv:\\LATHOM mc:LTSP clnt 70CA14C59F5F73CF
>3d85a543
>ll: 2
>cred_create
>cred_assert
>
>(I'm slightly worried about that first entry, as smb.conf has encrypted
>passwords=yes
)>And (nearly done) the dump in the messages file gives me :
>Sep 16 09:43:29 LTSP pam_winbind[23713]: user 'DOMAIN+test' granted
access
>Sep 16 09:43:29 LTSP login[23713]: Permission denied
>
>It seems as though the winbind part is working fine, but some of the
>following modules are forcing it to reject the login. I've toyed with
>using the 'optional' flags on the pam_stack and pam_unix.so auth
>statements, but just succeeded in locking myself out.
>
>Any ideas? I've got this demon lab that's working ace, but
can't let the
>kids onto it yet as I've no time to manage 2 sets of login details.
>
>The only other thought I had at the end of last week was whether my PDC
>was supporting challenge/response - although I am led to believe that this
>is the default for NT. I've double checked and this seems to be working
fine.
>
>Any ideas?
>
>Cheers,
>
>Ash
>
>*************
>Ash Green
>ICT Project Development Co-ordinator
>Lathom High School
>Glenburn Road
>Skelmersdale
>WN8 6JN
>01695.725653
>*************
---
Jonathan Dean
jon.dean@deanuk.net www.jondean.com
Dept. Computer Science, University of Exeter, UK.
j.s.dean@ex.ac.uk www.dcs.ex.ac.uk
Network Manager, Dean UK Networks.
root@deanuk.net www.deanuk.net
-------------- next part --------------
HTML attachment scrubbed and removed