Hello all,

I have recently configured my first server with winbind/pam.d for domain authentication and I'm having a frustrating issue that I hope someone here will be able to help me with.

I don't have any issues SSHing to the server with domain accounts that have been granted access, but no local accounts are able to gain access even though they have been specified in /etc/security/access.conf -- including root. Local accounts are also unable to login via console, telnet or FTP.

When I attempt to SSH to the server as root, after providing the password, the connection is closed by the server. There are no restrictions for the root account.

Looking through /etc/security/auth.log, I see the following two lines:

Jun 1 12:16:07 devwinbind sshd[17504]: Failed password for root from xxx.xxx.xxx.xxx port 53998 ssh2
Jun 1 12:16:07 devwinbind sshd[17504]: fatal: Access denied for user root by PAM account configuration [preauth]

The first line is definitely incorrect as I have made the root password extremely simple and I know I am typing it correctly.

Luckily, I granted my domain account sudo access, so I am still able to make any config changes. However, I would like to be able to work through this issue and be able to log in as root.

Has anyone seen this type of behavior before? Any help would be greatly appreciated.

Edit: I should also mention I am using '+' as a domain separator and not using the default domain in winbind so root is not being passed through as DOMAIN+root.

are you configuring for window and linux?

yes, i am configuring a debian server to use active directory credentials to control access to the debian server. the active directory credentials are working fine, but none of the local accounts -- such as root -- are unable to login. su - also does not work even though i am typing the password correctly.