I've installed and configured samba using

cd samba-3.0.21b/source
./autogen.sh
./configure --with-krb5=/usr/local \
    --with-automount \
    --with-pam \
    --with-utmp \
    --with-winbind \
    --with-libsmbclient \
    --with-ldap \
    --with-netlib='-lresolv'
make
make install
cp nsswitch/pam_winbind.so /usr/lib/security
cp nsswitch/libnss_winbind.so /lib/nss_winbind.so.1
ln -s /lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.1

I can browse my samba shares and the active directory 2003 authentication works fine.

I've modified pam.conf so rlogin should use pam_winbind

rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1

however if I try and login using

rlogin -l AD03+richard.batty localhost

it fails but

wbinfo --authenticate=AD03+richard.batty%password

works fine, any ideas?

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Hi,

On Tue, Jan 31, 2006 at 05:43:02PM -0000, Batty, Richard wrote:
>
> I've installed and configured samba using
>
> cd samba-3.0.21b/source
> ./autogen.sh
> ./configure --with-krb5=/usr/local \
>     --with-automount \
>     --with-pam \
>     --with-utmp \
>     --with-winbind \
>     --with-libsmbclient \
>     --with-ldap \
>     --with-netlib='-lresolv'
> make
> make install
> cp nsswitch/pam_winbind.so /usr/lib/security
> cp nsswitch/libnss_winbind.so /lib/nss_winbind.so.1
> ln -s /lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.1
>
> I can browse my samba shares and the active directory 2003 authentication works fine.
>
> I've modified pam.conf so rlogin should use pam_winbind
>
> rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass
> rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1

What did pam_winbind.so write to the syslog?

> however if I try and login using
>
> rlogin -l AD03+richard.batty localhost
>
> it fails

Does it at least prompt you for a new password?

Thanks,
Guenther

-- 
Günther Deschner                    GPG-ID: 8EE11688
Novell / SUSE LINUX                 gd@suse.de
Samba Team                          gd@samba.org

Hi,

When I run wbinfo --authenticate=AD03+richard.batty%password I get the following in the logs,

[2006/01/30 11:42:06, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 16
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/01/30 11:42:06, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [ 0]: request interface version
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 11:42:06, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [ 0]: request location of privileged pipe
[2006/01/30 11:42:06, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 17
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/01/30 11:42:06, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
  [ 0]: pam auth AD03+richard.batty
[2006/01/30 11:42:06, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 11:42:06, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 24308
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INFO
[2006/01/30 11:42:06, 3] nsswitch/winbindd_misc.c:winbindd_info(442)
  [ 0]: request misc info
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn AUTH_CRAP
[2006/01/30 11:42:06, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(513)
  [ 0]: pam auth crap domain: [AD03] user: richard.batty
[2006/01/30 11:42:06, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 11:42:07, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 24308

When I do the rlogin -l AD03+richard.batty localhost I get prompted for the password and get the following

[2006/01/30 15:11:41, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 16
[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/01/30 15:11:41, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [ 0]: request interface version
[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 15:11:41, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [ 0]: request location of privileged pipe
[2006/01/30 15:11:41, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 17
[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/01/30 15:11:41, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
  [ 0]: pam auth AD03+richard.batty
[2006/01/30 15:11:41, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/01/30 15:11:41, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
  Retrieving response for pid 27648

Both seem identical but the wbinfo does more after the "nsswitch/winbindd_cache.c:cache_retrieve_response(1529)"

Richard Batty
Unix, Oracle & AS/400 Team Leader
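
Added example, not part of the original thread: a small Python parser for the winbindd debug-log format quoted above that extracts the ordered request names from each trace and reports where the wbinfo and rlogin traces diverge. The embedded samples are excerpts of the logs in this thread; the function names are this example's own.

```python
import re

# Samba debug header "[date time, level] file.c:function(line)". The \s* before
# ")" tolerates a header that a mail client wrapped inside the parentheses.
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+"
                    r"\S+?:(\w+)\((\d+)\s*\)")
REQUEST = re.compile(r"process_request: request fn (\w+)")

def parse_records(text):
    """Split a winbindd log into (time, level, function, message) tuples."""
    heads = list(HEADER.finditer(text))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    return [(h.group(1), int(h.group(2)), h.group(3),
             " ".join(text[h.end():end].split()))
            for h, end in zip(heads, ends)]

def request_sequence(text):
    """Ordered winbindd request names found in a log excerpt."""
    hits = (REQUEST.search(msg) for _, _, _, msg in parse_records(text))
    return [m.group(1) for m in hits if m]

def divergence(a, b):
    """Return (shared prefix, remainder of a, remainder of b)."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return a[:n], a[n:], b[n:]

# Excerpts of the two traces quoted in the thread.
WBINFO_LOG = """
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INFO
[2006/01/30 11:42:06, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn AUTH_CRAP
"""
RLOGIN_LOG = (  # flattened onto one line, as mail archives often leave it
    "[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324) "
    "process_request: request fn WINBINDD_PRIV_PIPE_DIR "
    "[2006/01/30 15:11:41, 10] nsswitch/winbindd.c:process_request(324) "
    "process_request: request fn PAM_AUTH "
    "[2006/01/30 15:11:41, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1529) "
    "Retrieving response for pid 27648")

if __name__ == "__main__":
    print(divergence(request_sequence(WBINFO_LOG), request_sequence(RLOGIN_LOG)))
```

The shared prefix ends at PAM_AUTH; the extra INFO and AUTH_CRAP requests in the wbinfo trace are the challenge/response check that `wbinfo --authenticate` runs after the plaintext one. At this debug level the two PAM_AUTH exchanges therefore look the same on the winbindd side.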

A few more details from samba.log.winbindd when the rlogin fails.

[2006/02/01 10:44:45, 2] lib/interface.c:add_interface(81)
  added interface ip=10.200.2.84 bcast=10.200.3.255 nmask=255.255.254.0
[2006/02/01 10:44:45, 5] lib/util.c:init_names(260)
  Netbios name list:-
  my_netbios_names[0]="NEDLDE31"
[2006/02/01 10:44:45, 2] lib/interface.c:add_interface(81)
  added interface ip=10.200.2.84 bcast=10.200.3.255 nmask=255.255.254.0
[2006/02/01 10:44:45, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /usr/local/samba/var/locks/gencache.tdb
[2006/02/01 10:44:45, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2006/02/01 10:44:45, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2006/02/01 10:44:45, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2006/02/01 10:44:45, 10] sam/idmap_tdb.c:db_idmap_init(500)
  db_idmap_init: Opening tdbfile /usr/local/samba/var/locks/winbindd_idmap.tdb
[2006/02/01 10:44:45, 8] lib/util.c:fcntl_lock(1820)
  fcntl_lock 7 34 0 1 2
[2006/02/01 10:44:45, 8] lib/util.c:fcntl_lock(1855)
  fcntl_lock: Lock call successful
[2006/02/01 10:44:45, 4] lib/time.c:TimeInit(142)
  TimeInit: Serverzone is 0
[2006/02/01 10:44:45, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
  Registered MSG_REQ_POOL_USAGE
[2006/02/01 10:44:45, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2006/02/01 10:44:45, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain AD03 AD03.LOCAL S-1-5-21-58185743-814264826-4091046890
[2006/02/01 10:44:45, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain BUILTIN S-1-5-32
[2006/02/01 10:44:45, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain NEDLDE31 S-1-5-21-363540403-49075366-2457342940
[2006/02/01 10:44:45, 10] nsswitch/winbindd_util.c:open_winbindd_socket(906)
  open_winbindd_socket: opened socket fd 10
[2006/02/01 10:44:45, 10] nsswitch/winbindd_util.c:open_winbindd_priv_socket(918)
  open_winbindd_priv_socket: opened socket fd 12
[2006/02/01 10:44:47, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1534)
  Retrieving response for pid 19815
[2006/02/01 10:44:47, 5] nsswitch/winbindd_util.c:init_child_recv(414)
  Received child initialization response for domain AD03
[2006/02/01 10:44:47, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1534)
  Retrieving response for pid 19815
[2006/02/01 10:44:47, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1556)
  Retrieving extra data length=266
[2006/02/01 10:44:47, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain MWNET1 MWNET1 S-1-5-21-397093224-1763867346-617630493
[2006/02/01 10:44:47, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain SYSTEM SYSTEM S-1-5-21-8915387-1557995733-281947949
[2006/02/01 10:44:47, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain IUSBIZ Ius.Biz S-1-5-21-800640318-3913421754-1608113833
[2006/02/01 10:44:47, 2] nsswitch/winbindd_util.c:add_trusted_domain(173)
  Added domain IUS ius S-1-5-21-2050044886-817378249-1478062314
[2006/02/01 10:44:52, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 16
[2006/02/01 10:44:52, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn INTERFACE_VERSION
[2006/02/01 10:44:52, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(454)
  [ 0]: request interface version
[2006/02/01 10:44:52, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/02/01 10:44:52, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(487)
  [ 0]: request location of privileged pipe
[2006/02/01 10:44:52, 6] nsswitch/winbindd.c:new_connection(638)
  accepted socket 17
[2006/02/01 10:44:52, 10] nsswitch/winbindd.c:process_request(324)
  process_request: request fn PAM_AUTH
[2006/02/01 10:44:52, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(202)
  [ 0]: pam auth AD03+richard.batty
[2006/02/01 10:44:52, 8] lib/util.c:is_myname(1879)
  is_myname("AD03") returns 0
[2006/02/01 10:44:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1534)
  Retrieving response for pid 19815