-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, currently I'm testing samba authenticating against ADS. Samba is joined to that domain, getent passwd and wbinfo -u works as expected, but when I try to ssh to the samba server with an account in AD it failes. I've turned debug on for pam_winbind.so in /etc/pam.d/system-auth. When I try to connect I get the following in /var/log/secure Mar 21 16:10:35 samba-ads sshd[20542]: PAM unable to dlopen(/lib64/security/pam_winbind.so) Mar 21 16:10:35 samba-ads sshd[20542]: PAM [error: /lib64/security/pam_winbind.so: undefined symbol: talloc_asprintf] Mar 21 16:10:35 samba-ads sshd[20542]: PAM adding faulty module: /lib64/security/pam_winbind.so Mar 21 16:10:37 samba-ads sshd[20542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruserrhost=mgr2.nic.isb.d e.renzel.net user=mgr1 Mar 21 16:10:39 samba-ads sshd[20542]: Failed password for mgr1 from 10.2.0.5 port 55762 ssh2 I've installed the recent sernet-samba (samba3-3.3.2-38 ff) packages from repo. User's homedir is created manually with the right UID:GID from getent passwd, changing 'winbind use default domain' doesn't change anything. Cheers Matthias -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknFCFYACgkQf3LySRiTg2xl0wCgjVTF3cgfEt5bGA2cuPZh0/p6 3vQAnR/1h58J0SkhJ3x1cNLVg/xLpSof =4iIR -----END PGP SIGNATURE-----
I'm might be wrong but it looks like the rpm binary you have is not compatible. I built my own from source easily enough. Grab the tarball from samba.org and extract: samba-3.3.2/packaging/RHEL ./makerpms.sh You'll obviously need compiler, rpm-build package and any dependencies the rpm build process complains about. 2009/3/21 Matthias Grimm <eisofen@eisofen.de>> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > currently I'm testing samba authenticating against ADS. Samba is joined > to that domain, getent passwd and wbinfo -u works as expected, but when > I try to ssh to the samba server with an account in AD it failes. > I've turned debug on for pam_winbind.so in /etc/pam.d/system-auth. When > I try to connect I get the following in /var/log/secure > > Mar 21 16:10:35 samba-ads sshd[20542]: PAM unable to > dlopen(/lib64/security/pam_winbind.so) > Mar 21 16:10:35 samba-ads sshd[20542]: PAM [error: > /lib64/security/pam_winbind.so: undefined symbol: talloc_asprintf] > Mar 21 16:10:35 samba-ads sshd[20542]: PAM adding faulty module: > /lib64/security/pam_winbind.so > Mar 21 16:10:37 samba-ads sshd[20542]: pam_unix(sshd:auth): > authentication failure; logname= uid=0 euid=0 tty=ssh ruser> rhost=mgr2.nic.isb.d > e.renzel.net user=mgr1 > Mar 21 16:10:39 samba-ads sshd[20542]: Failed password for mgr1 from > 10.2.0.5 port 55762 ssh2 > > I've installed the recent sernet-samba (samba3-3.3.2-38 ff) packages > from repo. > User's homedir is created manually with the right UID:GID from getent > passwd, changing 'winbind use default domain' doesn't change anything. > > Cheers > > Matthias > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAknFCFYACgkQf3LySRiTg2xl0wCgjVTF3cgfEt5bGA2cuPZh0/p6 > 3vQAnR/1h58J0SkhJ3x1cNLVg/xLpSof > =4iIR > -----END PGP SIGNATURE----- > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Matthias Grimm wrote: rebuilding the RPMS made it. Dunno where the difference between their buildhost and my fresh installed CentOS is or if it's build on CentOS 5.2.. Cheers Matthias> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > currently I'm testing samba authenticating against ADS. Samba is joined > to that domain, getent passwd and wbinfo -u works as expected, but when > I try to ssh to the samba server with an account in AD it failes. > I've turned debug on for pam_winbind.so in /etc/pam.d/system-auth. When > I try to connect I get the following in /var/log/secure > > Mar 21 16:10:35 samba-ads sshd[20542]: PAM unable to > dlopen(/lib64/security/pam_winbind.so) > Mar 21 16:10:35 samba-ads sshd[20542]: PAM [error: > /lib64/security/pam_winbind.so: undefined symbol: talloc_asprintf] > Mar 21 16:10:35 samba-ads sshd[20542]: PAM adding faulty module: > /lib64/security/pam_winbind.so > Mar 21 16:10:37 samba-ads sshd[20542]: pam_unix(sshd:auth): > authentication failure; logname= uid=0 euid=0 tty=ssh ruser> rhost=mgr2.nic.isb.d > e.renzel.net user=mgr1 > Mar 21 16:10:39 samba-ads sshd[20542]: Failed password for mgr1 from > 10.2.0.5 port 55762 ssh2 > > I've installed the recent sernet-samba (samba3-3.3.2-38 ff) packages > from repo. > User's homedir is created manually with the right UID:GID from getent > passwd, changing 'winbind use default domain' doesn't change anything. > > Cheers > > Matthias > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAknFCFYACgkQf3LySRiTg2xl0wCgjVTF3cgfEt5bGA2cuPZh0/p6 > 3vQAnR/1h58J0SkhJ3x1cNLVg/xLpSof > =4iIR > -----END PGP SIGNATURE----- > >-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3646 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba/attachments/20090323/8c5e5b12/smime.bin