Hi All
I installed samba 3.0.23d on the FreeBSD 5.4 through the port tree and
join to the Windows 2000 Domain. But I can't su anymore. And the Windows
client cannot go into the share folder.
I have pam_winbind.so at /usr/lib and /usr/local/lib.
The error message shows:
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed: No such user, PAM
error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: request failed, but PAM error 0!
Jan 30 18:50:36 BSDSVR01 pam_winbind[26131]: internal module error (retval = 3,
user = `root')
Jan 30 18:50:36 BSDSVR01 su[26131]: pam_acct_mgmt: error in service module
It seems jumped the local passwd file and just search the domain user
list. But even that, I still can't access the share folder from the
network. It shows the share folder but when I double click it, it ask me
for the password.
Here is the smb.conf
**************copy start*******************
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba Server
security = ADS
allow trusted domains = No
password server = dc
syslog only = Yes
log level =3
log file = /var/log/samba/smb.log
max log size = 50
dns proxy = No
wins server = 192.168.0.10
passdb expand explicit = No
idmap uid = 600-20000
idmap gid = 600-20000
template homedir = /usr/samba/%U
template shell = /bin/sh
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = Yes
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 192.168.0.
#[Test]
# path = /usr/samba
# read only = No
[Software]
comment = Application
path = /usr/samba/software
valid users = @"Domain Users",@"Domain Admins"
read only = Yes
write list = @"Domain Admins"
create mode = 0777
directory mode = 0777
******************copy end***********************
nsswitch.conf
******************copy start**********************
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: compat
*****************copy end***********************
/etc/pam.d/system
****************copy start*************************
# auth
auth sufficient /usr/lib/pam_winbind.so try_first_pass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
nullok
# account
account required /usr/lib/pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient /usr/lib/pam_winbind.so try_first_pass
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
****************************copy end**********************
Thanks a lot
Alex
Felipe Augusto van de Wiel
2007-Jan-31 11:57 UTC
[Samba] cannot su, something may related to pam
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/30/2007 09:54 PM, Alex Wang wrote:> Hi All[...]> It seems jumped the local passwd file and just search the > domain user list. But even that, I still can't access the > share folder from the network. It shows the share folder > but when I double click it, it ask me for the password. > > Here is the smb.conf[...]> /etc/pam.d/system[...]> # account > account required /usr/lib/pam_winbind.so > #account required pam_krb5.so > account required pam_login_access.so > account required pam_unix.soIMHO, it seems that your first line in account would mandate that the account also exists in the "winbind space".> Thanks a lot > AlexKind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwIRFCj65ZxU4gPQRAjQiAKCuUb6bP1QW0pRnSLasWEqgywcKZwCfSUQz aHAajUukTTDC5deyy+6tXqU=/EZW -----END PGP SIGNATURE-----