Can not Log in Linux with Windows user

t79homasdw asked (Last Modified: 2010-05-18)
I have recently upgraded my system from Samba 2.7 to Samba 3.0.2a.

I am on a 2K Domain running in mixed mode named FLORIDA and I was able to add my Linux system (MDKFTP) successfully to the domain. It is recognized in Network Neighborhood, and when I double-click on it, it asks me to authenticate. When I try to put in my Windows username (FLORIDA\dthomas or FLORIDA+dthomas) and password, it does not authenticate. When I checked auth.log it displayed the following:

pam_winbind[21813] request failed: Access Denied, PAM error was 4, NT_Status_Access_Denied
pam_winbind[21813] internal module error: (retval = 4, user = FLORIDA\dthomas)

I am trying to share this directory with Windows:  /var/ftp/ftp/

The following functions work on MDKFTP:

wbinfo -t: It says that the secret is good
wbinfo -g: It shows all the groups in AD
wbinfo -u: It shows all the users in AD
getent passwd: It shows all the users
getent group: It shows all the groups

smb.conf

[global]
      log file = /var/log/samba/log.%m
      character set = ISO8859-15
      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
      wins server = 192.168.0.29
      encrypt passwords = yes
      # winbind use default domain = yes
      # winbind separator = +
      winbind uid = 10000-20000
      winbind gid = 10000-20000
      template shell = /usr/sbin/scponlyc
      dns proxy = No
      server string = Samba Server %v
      password server = *
      winbind enum users = yes
      winbind enum groups = yes
      local master = No
      template homedir = /var/ftp//ftp
      workgroup = FLORIDA
      os level = 18
      max log size = 50

[ftp]
      comment = FTP folder
      valid users = @FLORIDA\MDKFTP_R,@FLORIDA\MDKFTP_W
      inherit permissions = yes
      path = /var/ftp/ftp
      write list = @FLORIDA\MDKFTP_W
      inherit acls = yes

nsswitch.conf

passwd:     files winbind nisplus nis
shadow:     files winbind nisplus nis
group:      files winbind nisplus nis

#hosts:     db files nisplus nis dns
hosts:      files winbind dns nisplus nis

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files    

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus


PAM:

/etc/pam.d/login

#%PAM-1.0
auth       required      /lib/security/pam_securetty.so
auth         sufficient      /lib/security/pam_winbind.so
auth         sufficient      /lib/security/pam_unix.so use_first_pass
auth       required      /lib/security/pam_stack.so service=system-auth
auth       required      /lib/security/pam_nologin.so
account         sufficient      /lib/security/pam_winbind.so
account    required      /lib/security/pam_stack.so service=system-auth
password   required      /lib/security/pam_stack.so service=system-auth
session    required      /lib/security/pam_stack.so service=system-auth
session    optional      /lib/security/pam_console.so

auth       required     /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/concord/loginusers

/etc/pam.d/xdm

#%PAM-1.0
auth       required      /lib/security/pam_pwdb.so shadow nullok
auth         sufficient      /lib/security/pam_winbind.so
auth       required      /lib/security/pam_nologin.so
account    required      /lib/security/pam_pwdb.so
account         sufficient      /lib/security/pam_winbind.so
password   required      /lib/security/pam_cracklib.so
password   required      /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required      /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_console.so

/etc/pam.d/samba3

#%PAM-1.0
auth         required      /lib/security/pam_securetty.so
auth       required      /lib/security/pam_nologin.so
auth         sufficient      /lib/security/pam_winbind.so
auth       required      /lib/security/pam_wdb.so use_first_pass shadow nullok
account    required      /lib/security/pam_winbind.so
session    required      /lib/security/pam_stack.so service=system-auth

/etc/pam.d/system-auth-winbind

#%PAM-1.0

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

Any help would be much appreciated.

Thank you

Dan
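
Added example (not part of the original post, and not Samba or Linux-PAM code): a small Python check of how the `sufficient` entries in the posted /etc/pam.d/login interact with the `required` modules listed after them. When a `sufficient` module succeeds and no earlier `required` module has failed, PAM returns success without calling the rest of that stack. The function names and the embedded sample are constructed for illustration, and only simple keyword controls are handled.

```python
# Added example: which required modules are skipped when a 'sufficient' one succeeds.
# Constructed sample: auth/account lines of /etc/pam.d/login as posted above.
LOGIN_PAM = """\
#%PAM-1.0
auth       required    /lib/security/pam_securetty.so
auth       sufficient  /lib/security/pam_winbind.so
auth       sufficient  /lib/security/pam_unix.so use_first_pass
auth       required    /lib/security/pam_stack.so service=system-auth
auth       required    /lib/security/pam_nologin.so
account    sufficient  /lib/security/pam_winbind.so
account    required    /lib/security/pam_stack.so service=system-auth
auth       required    /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/concord/loginusers
"""

KEYWORD_CONTROLS = {"required", "requisite", "sufficient", "optional"}

def parse_pam(text):
    """Return {type: [(control, module, args)]}, keeping file order within each type."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, including '#%PAM-1.0'
        fields = line.split()
        if len(fields) < 3 or fields[1] not in KEYWORD_CONTROLS:
            continue                           # blank line or [value=action] control: not handled
        mtype, control, path = fields[:3]
        stacks.setdefault(mtype, []).append((control, path.rsplit("/", 1)[-1], fields[3:]))
    return stacks

def skipped_after_sufficient(stacks):
    """List (type, sufficient_module, [later required/requisite modules it bypasses])."""
    findings = []
    for mtype, entries in stacks.items():
        for i, (control, module, _args) in enumerate(entries):
            if control != "sufficient":
                continue
            later = [m for c, m, _a in entries[i + 1:] if c in ("required", "requisite")]
            if later:
                findings.append((mtype, module, later))
    return findings

if __name__ == "__main__":
    for mtype, module, later in skipped_after_sufficient(parse_pam(LOGIN_PAM)):
        print(f"{mtype}: success in {module} returns before {', '.join(later)}")
```

For the posted file this reports that a pam_winbind.so success in the auth stack returns before pam_nologin.so and the pam_listfile.so allowlist are consulted.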
Tolomir (Administrator) commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: parkerig{http:#10755817} & richiemarshall{http:#10783542}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
