Hello there,
I have winbind configured and working fine on a Solaris 8 machine
pam is configured ok (I guess) as telnet/su'ing/smb access is working
fine, OpenSSH 3.9 is configured with the following options:
--prefix=/usr/local --sysconfdir=/etc/ssh --with-md5-passwords
--with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/
bin:/bin --with-ipv4-default --with-privsep-path=/var/empty
--with-privsep-user=sshd --with-ssl-dir=/tmp/openssl-0.9.7e
--with-zlib=/tmp/zlib1.2.2 --with-pam
Yet, when trying to login, this is what I see in the messages file:
sshd[21182]: [ID 401707 auth.error] open_module:
/usr/lib/security/pam_winbind.so failed: ld.so.1: /usr/local/sbin/sshd:
fatal: relocation error: file /usr/lib/security/pam_winbind.so: symbol
main: referenced symbol not found
sshd[21182]: [ID 487707 auth.error] load_modules: can not open module
/usr/lib/security/pam_winbind.so
sshd[21180]: [ID 800047 auth.error] error: PAM: Dlopen failure for
illegal user my_user from x.x.x.x
Another issue, not related to this problem -
(happens on Solaris 8/sparc machines only) - sometimes when I login
while winbind is enabled and running, every command I run is running in
the background automatically... this is really annoying...
Any suggestions?
Thanks.
pam.conf:
#
#ident "@(#)pam.conf 1.16 01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/pam_winbind.so
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1 try_first_pass
login auth required pam_dial_auth.so.1 try_first_pass
#
rlogin auth sufficient /usr/lib/security/pam_winbind.so
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth requisite pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_auth.so.1 try_first_pass
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
other auth sufficient /usr/lib/security/pam_winbind.so
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1 try_first_pass
#
# Account management
#
login account sufficient /usr/lib/security/pam_winbind.so
login account requisite pam_roles.so.1
login account required pam_projects.so.1
login account required pam_unix_account.so.1
#
dtlogin account sufficient /usr/lib/security/pam_winbind.so
dtlogin account requisite pam_roles.so.1
dtlogin account required pam_projects.so.1
dtlogin account required pam_unix_account.so.1
#
other account sufficient /usr/lib/security/pam_winbind.so
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account required pam_unix_account.so.1
#
# Session management
#
other session required pam_unix_session.so.1
#
# Password management
#
#other password sufficient /usr/lib/security/pam_winbind.so
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
dtsession auth requisite pam_authtok_get.so.1
dtsession auth required pam_dhkeys.so.1
dtsession auth required pam_unix_auth.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#dtlogin auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#dtlogin account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
#
# Support for Solaris PPP (sppp)
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
ppp account requisite pam_roles.so.1
ppp account required pam_projects.so.1
ppp account required pam_unix_account.so.1
ppp session required pam_unix_session.so.1
passwd auth required pam_passwd_auth.so.1
cron account required pam_unix_account.so.1
#cron account optional pam_krb5.so.1
smb.conf:
[global]
# Generic
workgroup = XXX
server string = Solaris 8 Sparc - Samba %v
# Security
security = DOMAIN
encrypt passwords = Yes
password server = x.x.x.x
allow trusted domains = No
# Logging
log level = 2
syslog = 0
# Performance
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192
# Browsing / Services
os level = 0
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = x.x.x.x
# Winbind
idmap uid = 10000-100000
idmap gid = 10000-100000
idmap backend = idmap_rid:FOO_CORP=10000-100000
winbind separator = -
winbind enum users = Yes
winbind enum groups = Yes
template homedir = /home/%U
template shell = /bin/bash
[homes]
browseable = No
read only = No
