running Solaris 5.8
we recently had a request to add winbind to our /etc/nsswitch.conf file
passwd: files winbind
to allow authentication for samba via an NT server (winbind)
However, now when a local (/etc/passwd, /etc/shadow) id expires, we get the following errors:
# passwd -f usera
# telnet 0
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
login: usera
Password:
Choose a new password.
New Password:
Re-enter new Password:
telnet: System error: repository out of range.
Connection closed by foreign host.
# tail -1 /var/adm/messages
Aug 23 15:29:28 host_a login: [ID 376080 auth.crit] change password failure: System error
The samba documentation talks about adding some libraries to /etc/pam.conf, but when we added them:
login auth sufficient /usr/lib/security/pam_winbind.so.1
other password sufficient /usr/lib/security/pam_winbind.so.1
that error condition is replaced by this error condition: (it tries to update a winbind password rather than a local password)
# telnet 0
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
SunOS 5.8
login: usera
Password:
Choose a new password.
New Password:
Changing password for usera
(current) NT password: (this is a local user, that does not exists in the NT domain)
Re-enter new Password:
Enter new NT password:
Retype new NT password:
telnet: System error: repository out of range.
Connection closed by foreign host.
# tail -3 /var/adm/messages
Aug 23 15:50:58 host_a pam_winbind[1485]: [ID 467601 auth.error] request failed: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, PAM error was 4, NT error was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
Aug 23 15:50:58 host_a pam_winbind[1485]: [ID 637597 auth.error] internal module error (retval = 4, user = `usera'
Aug 23 15:50:58 host_a login[1485]: [ID 376080 auth.crit] change password failure: System error
This looks to me like something in the /etc/pam.conf is in need of changing, but alas I don't have a clue.
Sun says: "We don't support wibind" and "We don't support samba on 5.8"
And the Experts?
(let me know if you need more information)
http://twiki.org/cgi-bin/view/Codev/TransparentAuthentication
http://geocities.yahoo.com.br/vffzbr/help/winbind.html