Ive got a problem with pam_winbind not authenticating, were using an AD 2003
domain.
wbinfo works
with correct password
# wbinfo -a=AD03+richard.batty%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
with wrong password
# wbinfo -a=AD03+richard.batty%password1
plaintext password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user AD03+richard.batty%f3l1x!12 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user AD03+richard.batty with challenge/response
Ive also modified /etc/pam.conf so the rlogin command uses the pam_winbind
libraries
rlogin auth required /usr/lib/security/pam_winbind.so debug
#rlogin -l AD03+richard.batty localhost
but get the following error
[2006/01/30 09:50:27, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(377)
Could not lookup name for user AD03+richard.batty
Heres the smb.conf file
workgroup = AD03
realm = AD03.LOCAL
netbios name = Server1
security = ADS
password server = Server2.AD03.LOCAL
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
log level = 5
log file = /var/log/samba.log.%m
max log size = 50
debug timestamp = yes
local master = No
domain master = False
dns proxy = No
username map = /usr/local/samba/lib/username.map
encrypt passwords = yes
domain master = no
I can browse the defined shares without specifying a login/password so winbind
must be working and authenticating correctly.
heres the more detailed log any ideas?
[2006/01/30 09:50:22, 6] nsswitch/winbindd.c:new_connection(638)
accepted socket 20
[2006/01/30 09:50:22, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn INTERFACE_VERSION
[2006/01/30 09:50:22, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(454)
[ 0]: request interface version
[2006/01/30 09:50:22, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 09:50:22, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
[ 0]: request location of privileged pipe
[2006/01/30 09:50:22, 6] nsswitch/winbindd.c:new_connection(638)
accepted socket 21
[2006/01/30 09:50:22, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn GETPWNAM
[2006/01/30 09:50:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336)
[ 0]: getpwnam AD03+richard.batty
[2006/01/30 09:50:23, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
Retrieving response for pid 22985
[2006/01/30 09:50:23, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
lookup_name returned an error
[2006/01/30 09:50:23, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(377)
Could not lookup name for user AD03+richard.batty
[2006/01/30 09:50:27, 6] nsswitch/winbindd.c:new_connection(638)
accepted socket 20
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn INTERFACE_VERSION
[2006/01/30 09:50:27, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(454)
[ 0]: request interface version
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 09:50:27, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
[ 0]: request location of privileged pipe
[2006/01/30 09:50:27, 6] nsswitch/winbindd.c:new_connection(638)
accepted socket 22
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn PAM_AUTH
[2006/01/30 09:50:27, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
[ 0]: pam auth AD03+richard.batty
[2006/01/30 09:50:27, 8] lib/util.c:is_myname(1879)
is_myname("AD03") returns 0
[2006/01/30 09:50:27, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
Retrieving response for pid 22985
[2006/01/30 09:50:27, 10] nsswitch/winbindd.c:process_request(324)
process_request: request fn GETPWNAM
[2006/01/30 09:50:27, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336)
[ 0]: getpwnam AD03+richard.batty
[2006/01/30 09:50:27, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
Retrieving response for pid 22985
[2006/01/30 09:50:27, 5] nsswitch/winbindd_async.c:lookupname_recv(627)
lookup_name returned an error
[2006/01/30 09:50:27, 5] nsswitch/winbindd_user.c:getpwnam_name2sid_recv(377)
Could not lookup name for user AD03+richard.batty
Thanks
Rich
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential information
and/or be subject to legal privilege. It should not be copied, disclosed to,
retained or used by, any other party. If you are not an intended recipient then
please promptly delete this e-mail and any attachment and all copies and inform
the sender. Thank you.
