samba - Jan 2005 - HELP - winbind/PAM issues

I have a laptop with fedora core 3 installed.  I have an NT domain that I
would like to use for all authentication (Linux and Windows).  As a test I
decided to focus on ssh authentication.  I have completed the following:

Created the smb.conf:
[global]
   workgroup = DOMAIN_NAME
   server string = Linux Workstation
 log file = /var/log/samba/%m.log
   max log size = 50
   security = domain
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins support = no
   wins server = local_wins_server
   dns proxy = no
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template homedir = /home/winnt/%D/$U
   template shell = /bin/bash
   winbind separator = \
   winbind use default domain = no
   password server = *
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

Edited /etc/pam.d/sshd to be (assuming no security just to get this thing
running):
#%PAM-1.0
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so debug

account    sufficient   pam_winbind.so

session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

I have successfully joined the domain.  I get the following information when
running wbinfo:

wbinfo -u

DOMAIN_NAME   winbind use default domain = yestfbradm
DOMAIN_NAME   winbind use default domain = yestfbrenda
DOMAIN_NAME   winbind use default domain = yestfbrett
DOMAIN_NAME   winbind use default domain = yestfcarme
DOMAIN_NAME   winbind use default domain = yestfcarmen
DOMAIN_NAME   winbind use default domain = yestfcdom

wbinfo -g

DOMAIN_NAME   winbind use default domain = yesvpn small office
DOMAIN_NAME   winbind use default domain = yeswebposting
DOMAIN_NAME   winbind use default domain = yeswebsecur01
DOMAIN_NAME   winbind use default domain = yeswinsock users

This is where I am stuck:

wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user username%password with plaintext password
challenge/response password authentication succeeded

If I try to log in via ssh I get this in the log:

Jan 19 14:21:18 linus pam_winbind[5326]: request failed: No such user, PAM
error was 10, NT error was NT_STATUS_NO_SUCH_USER
Jan 19 14:21:18 linus pam_winbind[5326]: user `username' not found

Why is it not able to find my NT user when wbinfo will print out my user
information just fine?  Am I missing something?  I have read just about
every thread, forum, document, etc.. etc.. I can find.  Please help.

Thanks

Hi,

I had a similar problem and rearranging some setting in the pam.d file
system-auth helped.
This is what I have.....

System-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_winbind.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     sufficient    /lib/security/$ISA/pam_winbind.so
account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok
md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so 

Login
#%PAM-1.0
auth       required	pam_securetty.so
auth       required	pam_stack.so service=system-auth
auth       required	pam_nologin.so
account    sufficient pam_winbind.so
account    required	pam_stack.so service=system-auth
password   required	pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required	pam_selinux.so close
session    required	pam_stack.so service=system-auth
session    optional	pam_console.so
# pam_selinux.so open should be the last session rule
session    required	pam_selinux.so multiple open

-----Original Message-----
From: samba-bounces+guillemw=hotmail.com@lists.samba.org
[mailto:samba-bounces+guillemw=hotmail.com@lists.samba.org] On Behalf Of
Theis, Jason (CAG-AP)
Sent: Wednesday, January 19, 2005 1:47 PM
To: 'samba@lists.samba.org'
Subject: [Samba] HELP - winbind/PAM issues

I have a laptop with fedora core 3 installed.  I have an NT domain that I
would like to use for all authentication (Linux and Windows).  As a test I
decided to focus on ssh authentication.  I have completed the following:

Created the smb.conf:
[global]
   workgroup = DOMAIN_NAME
   server string = Linux Workstation
 log file = /var/log/samba/%m.log
   max log size = 50
   security = domain
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins support = no
   wins server = local_wins_server
   dns proxy = no
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template homedir = /home/winnt/%D/$U
   template shell = /bin/bash
   winbind separator = \
   winbind use default domain = no
   password server = *
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

Edited /etc/pam.d/sshd to be (assuming no security just to get this thing
running):
#%PAM-1.0
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so debug

account    sufficient   pam_winbind.so

session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

I have successfully joined the domain.  I get the following information when
running wbinfo:

wbinfo -u

DOMAIN_NAME   winbind use default domain = yestfbradm
DOMAIN_NAME   winbind use default domain = yestfbrenda
DOMAIN_NAME   winbind use default domain = yestfbrett
DOMAIN_NAME   winbind use default domain = yestfcarme
DOMAIN_NAME   winbind use default domain = yestfcarmen
DOMAIN_NAME   winbind use default domain = yestfcdom

wbinfo -g

DOMAIN_NAME   winbind use default domain = yesvpn small office
DOMAIN_NAME   winbind use default domain = yeswebposting
DOMAIN_NAME   winbind use default domain = yeswebsecur01
DOMAIN_NAME   winbind use default domain = yeswinsock users

This is where I am stuck:

wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user username%password with plaintext password
challenge/response password authentication succeeded

If I try to log in via ssh I get this in the log:

Jan 19 14:21:18 linus pam_winbind[5326]: request failed: No such user, PAM
error was 10, NT error was NT_STATUS_NO_SUCH_USER
Jan 19 14:21:18 linus pam_winbind[5326]: user `username' not found

Why is it not able to find my NT user when wbinfo will print out my user
information just fine?  Am I missing something?  I have read just about
every thread, forum, document, etc.. etc.. I can find.  Please help.

Thanks


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.1 - Release Date: 1/19/2005