Nicolas.CLEMENTZ@uha.fr
2008-Feb-27 07:31 UTC
[Samba] UserPrincipalName with samba/winbind 3.2
Hi,

I'm currently trying the 3.2 version of winbindd (pam + nss + winbindd). I would like to log in with the userPrincipalName on Win 2k3 but I can't. Winbindd returns NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)

Any idea?

winbindd --version output :

Version 3.2.0pre2-GIT--e 85eec1d-test

My smb.conf file :

[global]
security = ads
realm = IUT-COLMAR.NET
password server = 10.252.254.10
workgroup = IUT-COLMAR
# winbind separator = +
idmap backend = idmap_rid:IUT-COLMAR=70000-1000000
idmap uid = 70000-1000000
idmap gid = 70000-1000000
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 1
winbind offline logon = true
winbind use default domain = yes
winbind refresh tickets = true
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
os level = 0
use kerberos keytab = True
log level = 3
log file = /var/log/samba/%m

[public]
path = /perso/public
read only = no

/etc/pam.d/common.auth

auth sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE debug debug_state cached_login

/var/log/auth.log

Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] ENTER: pam_sm_authenticate (flags: 0x0001)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_USER) = "flavio.scollo@iut-colmar.net" (0xb7fce148)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net" (0xb7fd8520)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user 'flavio.scollo@iut-colmar.net' OK
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): user 'flavio.scollo@iut-colmar.net' OK
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): getting password (0x00001381)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): Verify user 'IUT-COLMAR\flavio.scollo'
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): PAM config: krb5_ccache_type 'FILE'
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): enabling krb5 login flag
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): enabling cached login flag
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): enabling request for a FILE krb5 ccache
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): request failed: NT_STATUS_INVALID_PARAMETER_MIX, PAM error was System error (4), NT error was NT_STATUS_INVALID_PARAMETER_MIX
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): internal module error (retval = 4, user = 'IUT-COLMAR\flavio.scollo')
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] LEAVE: pam_sm_authenticate returning 4
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_SERVICE) = "sshd" (0xb7fd5dd8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_USER) = "flavio.scollo@iut-colmar.net" (0xb7fce148)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_TTY) = "ssh" (0xb7fd63f8)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_RHOST) = "adm028.iut-colmar.net" (0xb7fd8520)
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_AUTHTOK) = 0xb7fd6408
Feb 25 12:23:46 etusrv06-bis sshd[23471]: pam_winbind(sshd:auth): [pamh: 0xb7fd5d28] STATE: ITEM(PAM_CONV) = 0xb7fda9e8
Feb 25 12:23:46 etusrv06-bis sshd[23471]: Failed password for invalid user flavio.scollo@iut-colmar.net from 10.252.12.12 port 37903 ssh2

Winbindd -F -i -d 10 last lines output :

.....
Returning valid cache entry: key IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-4452, value IDMAP/UID/74452, timeout = Mon Feb 25 12:30:19 2008
Storing response for pid 23500, len 3240
Added timed event "async_request_timeout": b7f71d70
timed_events_timeout: 299/999864
Destroying timed event b7f71d70 "async_request_timeout"
Retrieving response for pid 23500
winbindd_sid2gid_async: Resolving S-1-5-21-1960408961-2147064713-1801674531-513 to a gid
child daemon request 49
child_process_request: request fn DUAL_SID2GID
[23492]: sid to gid S-1-5-21-1960408961-2147064713-1801674531-513
idmap_sid_to_gid: sid = [S-1-5-21-1960408961-2147064713-1801674531-513]
Returning valid cache entry: key IDMAP/SID/S-1-5-21-1960408961-2147064713-1801674531-513, value IDMAP/GID/70513, timeout = Mon Feb 25 12:30:19 2008
winbindd_dual_sid2gid: 0x00000000 - S-1-5-21-1960408961-2147064713-1801674531-513 - 70513
Storing response for pid 23500, len 3240
Added timed event "async_request_timeout": b7f6f810
timed_events_timeout: 299/999909
Destroying timed event b7f6f810 "async_request_timeout"
Retrieving response for pid 23500
accepted socket 18
process_request: request fn INTERFACE_VERSION
[23497]: request interface version
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[23497]: request location of privileged pipe
accepted socket 21
process_request: request fn PAM_AUTH
[23497]: pam auth IUT-COLMAR\FLAVIO.SCOLLO
check_request_flags: invalid request flags[0x0000F092]
Plain text authentication for IUT-COLMAR\FLAVIO.SCOLLO returned NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)

--------------------------------------------------------
Nicolas Clementz
Service Informatique Réseaux et Télécom.
IUT de Colmar

Nicolas.CLEMENTZ@uha.fr wrote:
> Hi,
>
> I'm currently trying the 3.2 version of winbindd (pam + nss +
> winbindd). I would like to log in with the userPrincipalName on Win 2k3
> but I can't. Winbindd returns NT_STATUS_INVALID_PARAMETER_MIX (PAM: 4)
> Any idea?

This should be fixed in git now. Thanks for reporting.

Guenther

-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner@redhat.com
Samba Team                              gd@samba.org