Eisenstein, Doug
2004-Jan-13 11:28 UTC
[Samba] Winbind & Wrong Password - PAM Issue? NT_STATUS_WRONG _PASSWORD?
Anyone have suggestions? Thanks. -----Original Message----- From: Eisenstein, Doug Sent: Monday, January 12, 2004 9:06 AM To: 'samba@lists.samba.org' Subject: [Samba] Winbind & Wrong Password - PAM Issue? Good Morning, I have been a user of winbind and Samba for about a year now. It's been working well for me on Red Hat v. 8.0 and 9.0. Recently I purchased and installed Red Hat Enterprise Linux WS 3.0 and configured winbind and samba the same way I normally do. However when I attempt to authenticate to the Linux workstation before I am even prompted to enter my password, winbind submits a rogue password to the Windows NT Domain Controller causing a "NT_STATUS_WRONG_PASSWORD" error to show up in the /var/log/messages log file and after a few attempts, lock out my windows account. Excerpt of /var/log/messages (BEFORE PROMPT FOR PASSWORD): ----------------------------------------------- Jan 12 08:59:59 localhost pam_winbind[1045]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD Jan 12 08:59:59 localhost pam_winbind[1045]: user `doug' denied access (incorrect password) Jan 12 08:59:59 localhost sshd(pam_unix)[1045]: check pass; user unknown Jan 12 08:59:59 localhost sshd(pam_unix)[1045]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host1.host.com ----------------------------------------------- Excerpt of /var/log/messages (AFTER PROMPT FOR PASSWORD): ----------------------------------------------- Jan 12 09:02:26 localhost pam_winbind[1053]: user 'doug' granted acces Jan 12 09:02:26 localhost pam_winbind[1053]: user 'doug' granted acces Jan 12 09:02:26 localhost sshd[1053]: Accepted password for doug from 1.1.1.1 port 3970 Jan 12 09:02:26 localhost sshd(pam_unix)[1055]: session opened for user doug by (uid=10000) ----------------------------------------------- ***NOTE: If I do this several times my windows NT account "doug" will be locked out! /etc/pam.d/system-auth: ----------------------------------------------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 typepassword sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so ----------------------------------------------- /etc/pam.d/sshd: ----------------------------------------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=group sense=allow file=/etc/security/sshd_allow.conf onerr=fail auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth account sufficient /lib/security/pam_winbind.so password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_limits.so session optional /lib/security/pam_console.so ----------------------------------------------- Any suggestions are greatly appreciated. Thank you, Doug E. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Possibly Parallel Threads
Wisdom of the Ancients
