Timothy Fontaine
2005-Jul-27 18:50 UTC
[Samba] winbind + pam authentication immediately closes session
I followed the basic pointers for setting up pam + winbind on a debian based system ( http://www.ubuntuforums.org/showthread.php?t=5409 ) the member server is joined to the domain and authentication appears to work successfully, however when I attempt to login with a domain user with the proper password to a method that requires a session (ssh/su/xdm) or otherwise the session is immediately closed. Relevant event history: (testing winbind auth) tjfontaine@server2:~$ wbinfo -a jay%uberSecretPass plaintext password authentication succeeded challenge/response password authentication succeeded (su'ing to domain user) tjfontaine@server2:~$ su - jay Password: tjfontaine@server2:~$ (auth.log on member server) Jul 27 14:13:59 server2 su[7978]: + pts/0 tjfontaine:jay Jul 27 14:13:59 server2 su[7978]: (pam_unix) session opened for user jay by tjfontaine(uid=1000) Jul 27 14:13:59 server2 su[7978]: (pam_unix) session closed for user jay (member servers log on domain controller) [2005/07/27 14:14:13, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [jay] -> [jay] -> [jay] succeeded Member server information: Debian Unstable samba 3.0.14a (-6 debian revision) server2:~# uname -a Linux server2 2.6.10-1-686-smp #1 SMP Fri Mar 11 01:49:45 EST 2005 i686 GNU/Linux Member server config: [global] workgroup = mydomain log level = 10 server string = Terminal Server wins support = no wins server = 192.168.2.1 dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = domain encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . socket options = TCP_NODELAY domain master = no idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind enum users = yes winbind enum groups = yes winbind use default domain = Yes winbind separator = + password server = * [homes] comment = Home Directories browseable = no writable = no create mask = 0700 directory mask = 0700 [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no
Timothy Fontaine
2005-Jul-27 21:13 UTC
[Samba] Re: winbind + pam authentication immediately closes session
Apologies for cluttering the list, of course it was user error it just took a bit more tracking down. There are some descrepancies between http://www.ubuntuforums.org/showthread.php?t=5409 and https://wiki.ubuntu.com/ActiveDirectoryWinbindHowto for what common-(auth | account | session) should contain, the wiki information works for me on pure debian. Again sorry for the list clutter.