Hi All I installed samba 3.0.23d on the FreeBSD 5.4 through the port tree and join to the Windows 2000 Domain. But I can't su anymore. And the Windows client cannot go into the share folder. I have pam_winbind.so at /usr/lib and /usr/local/lib. The error message shows: Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed, but PAM error 0! Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: internal module error (retval = 3, user = `root') Jan 30 18:50:36 BSDSVR01 su[26131]: pam_acct_mgmt: error in service module It seems jumped the local passwd file and just search the domain user list. But even that, I still can't access the share folder from the network. It shows the share folder but when I double click it, it ask me for the password. Here is the smb.conf **************copy start******************* [global] workgroup = DOMAIN realm = DOMAIN.COM server string = Samba Server security = ADS allow trusted domains = No password server = dc syslog only = Yes log level =3 log file = /var/log/samba/smb.log max log size = 50 dns proxy = No wins server = 192.168.0.10 passdb expand explicit = No idmap uid = 600-20000 idmap gid = 600-20000 template homedir = /usr/samba/%U template shell = /bin/sh winbind cache time = 3600 winbind use default domain = Yes winbind nested groups = Yes winbind enum users = Yes winbind enum groups = Yes hosts allow = 192.168.0. #[Test] # path = /usr/samba # read only = No [Software] comment = Application path = /usr/samba/software valid users = @"Domain Users",@"Domain Admins" read only = Yes write list = @"Domain Admins" create mode = 0777 directory mode = 0777 ******************copy end*********************** nsswitch.conf ******************copy start********************** group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: compat *****************copy end*********************** /etc/pam.d/system ****************copy start************************* # auth auth sufficient /usr/lib/pam_winbind.so try_first_pass auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account required /usr/lib/pam_winbind.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password password sufficient /usr/lib/pam_winbind.so try_first_pass #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass ****************************copy end********************** Thanks a lot Alex
Felipe Augusto van de Wiel
2007-Jan-31 11:57 UTC
[Samba] cannot su, something may related to pam
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/30/2007 09:54 PM, Alex Wang wrote:> Hi All[...]> It seems jumped the local passwd file and just search the > domain user list. But even that, I still can't access the > share folder from the network. It shows the share folder > but when I double click it, it ask me for the password. > > Here is the smb.conf[...]> /etc/pam.d/system[...]> # account > account required /usr/lib/pam_winbind.so > #account required pam_krb5.so > account required pam_login_access.so > account required pam_unix.soIMHO, it seems that your first line in account would mandate that the account also exists in the "winbind space".> Thanks a lot > AlexKind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwIRFCj65ZxU4gPQRAjQiAKCuUb6bP1QW0pRnSLasWEqgywcKZwCfSUQz aHAajUukTTDC5deyy+6tXqU=/EZW -----END PGP SIGNATURE-----