samba - Jan 2004 - pam_winbind problems

Hello,
I am have some interesting problems with the pam_winbind portion of samba
3.1. wbinfo -u and getent passwd
works but when I login I get the following messages in /var/log/messages.
Jan  5 11:09:36 hermes pam_winbind[9014]: write to socket failed!
Jan  5 11:09:36 hermes pam_winbind[9014]: internal module error (retval = 3,
user = `CSQ+shane'
Jan  5 11:09:36 hermes PAM_pwdb[9014]: check pass; user unknown
Jan  5 11:09:37 hermes login[9014]: FAILED LOGIN 1 FROM 172.27.1.223 FOR
CSQ+shane, User not known to the underlying authentication
module.
my login in /etc/pam.d is
auth       required     pam_securetty.so
#auth       required    pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so
auth       required     pam_pwdb.so use_first_pass shadow nullok
#account    required    pam_stack.so service=system-auth
account   sufficient    pam_winbind.so
#password   required    pam_stack.so service=system-auth
password   required     pam_pwdb.so use_first_pass shadow nullok
#password   required     pam_winbind.so
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
 
I have also installed samba on two other LINUX boxes with the same error. Is
this a bug or am I doing something wrong??
                        Thank You for your Time!
                            Shane Drinkwater

I struggled with this for a good while before getting it working.  I am
authenticating to an ADS server, so this may not work directly for you
unless you are using Acitve Directory also.  If you have getent passwd
working, then this ought to allow auth.

#  pam.d/login
auth                required        pam_securetty.so
auth                sufficient      pam_winbind.so
auth                sufficient      pam_unix.so use_first_pass
auth                required        pam_stack.so service=system-auth
auth                required        pam_nologin.so
account             sufficient      pam_winbind.so
account             required        pam_stack.so service=system-auth
password            required        pam_stack.so service=system-auth
session             required        pam_stack.so service=system-auth
session             optional        pam_console.so

#  pam.d/system-auth
auth              required    /lib/security/$ISA/pam_env.so
auth              sufficient        /lib/security/$ISA/pam_unix.so likeauth
nullok
auth              sufficient        pam_winbind.so use_first_pass
auth              required          /lib/security/$ISA/pam_deny.so
account           required          /lib/security/$ISA/pam_unix.so
account           [default=bad success=ok user_unknown=ignore
service_err=ignore system_err=ignore]       pam_winbind.so
password          required          /lib/security/$ISA/pam_cracklib.so
retry=3 typepassword          sufficient        /lib/security/$ISA/pam_unix.so
nullok
use_authtok md5 shadow
password          sufficient        pam_winbind.so
password          sufficient        /lib/security/$ISA/pam_krb5.so
use_authtok
password          sufficient        /lib/security/$ISA/pam_ldap.so
use_authtok
password          required          /lib/security/$ISA/pam_deny.so
session           required          /lib/security/$ISA/pam_limits.so
session           required          /lib/security/$ISA/pam_unix.so
session           optional          pam_winbind.so
session           optional          /lib/security/$ISA/pam_krb5.so
session           optional          /lib/security/$ISA/pam_ldap.so

Alex Laslavic
Havertys Tech Services

samba-bounces+alaslavic=havertys.com@lists.samba.org wrote on 01/05/2004
12:21:32 PM:
> Hello,
> I am have some interesting problems with the pam_winbind portion of samba
> 3.1. wbinfo -u and getent passwd
> works but when I login I get the following messages in /var/log/messages.
> Jan  5 11:09:36 hermes pam_winbind[9014]: write to socket failed!
> Jan  5 11:09:36 hermes pam_winbind[9014]: internal module error (retval 3,
> user = `CSQ+shane'
> Jan  5 11:09:36 hermes PAM_pwdb[9014]: check pass; user unknown
> Jan  5 11:09:37 hermes login[9014]: FAILED LOGIN 1 FROM 172.27.1.223 FOR
> CSQ+shane, User not known to the underlying authentication
> module.
> my login in /etc/pam.d is
> auth       required     pam_securetty.so
> #auth       required    pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> auth       sufficient   pam_winbind.so
> auth       required     pam_pwdb.so use_first_pass shadow nullok
> #account    required    pam_stack.so service=system-auth
> account   sufficient    pam_winbind.so
> #password   required    pam_stack.so service=system-auth
> password   required     pam_pwdb.so use_first_pass shadow nullok
> #password   required     pam_winbind.so
> session    required     pam_stack.so service=system-auth
> session    optional     pam_console.so
>
> I have also installed samba on two other LINUX boxes with the same error.
Is
> this a bug or am I doing something wrong??
>                         Thank You for your Time!
>                             Shane Drinkwater
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

I modified the login file in pam.d and I still get the following error
Jan  6 13:18:32 testbackup pam_winbind[23918]: write to socket failed!
Jan  6 13:18:32 testbackup pam_winbind[23918]: internal module error (retval
= 3, user = `CSQ+shane'
Jan  6 13:18:32 testbackup login(pam_unix)[23918]: check pass; user unknown
Jan  6 13:18:32 testbackup login(pam_unix)[23918]: authentication failure;
logname= uid=0 euid=0 tty=pts/1 ruser= rhost=172.27.1.223
It seems broke on every Linux Box I put Samba 3.0.1 for RH 9,8... 

				Any Ideas???
				Shane


-----Original Message-----
From: Shane Drinkwater [mailto:Shane_Drinkwater@pa-ucl.com]
Sent: Monday, January 05, 2004 11:22 AM
To: samba@lists.samba.org
Subject: [Samba] pam_winbind problems


Hello,
I am have some interesting problems with the pam_winbind portion of samba
3.1. wbinfo -u and getent passwd
works but when I login I get the following messages in /var/log/messages.
Jan  5 11:09:36 hermes pam_winbind[9014]: write to socket failed!
Jan  5 11:09:36 hermes pam_winbind[9014]: internal module error (retval = 3,
user = `CSQ+shane'
Jan  5 11:09:36 hermes PAM_pwdb[9014]: check pass; user unknown
Jan  5 11:09:37 hermes login[9014]: FAILED LOGIN 1 FROM 172.27.1.223 FOR
CSQ+shane, User not known to the underlying authentication
module.
my login in /etc/pam.d is
auth       required     pam_securetty.so
#auth       required    pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so
auth       required     pam_pwdb.so use_first_pass shadow nullok
#account    required    pam_stack.so service=system-auth
account   sufficient    pam_winbind.so
#password   required    pam_stack.so service=system-auth
password   required     pam_pwdb.so use_first_pass shadow nullok
#password   required     pam_winbind.so
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
 
I have also installed samba on two other LINUX boxes with the same error. Is
this a bug or am I doing something wrong??
                        Thank You for your Time!
                            Shane Drinkwater
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba