Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Linux mymachine.mydoman.com 2.6.9-42.0.2.ELsmp #1 SMP Thu Aug 17 18:00:32 EDT 2006 i686 i686 i386 GNU/Linux
I'm getting the following messages in logwatch after configuring samba/winbind. Domain users can ssh (home directory is created) and ftp. I wil post my config steps for samba/winbind after this post. Any clues to what I've done wrong would be greatly appreciated
Users logging in through sshd:
mydomain\\don:
it1.mydomain.com (192.168.2.173): 2 times
Received disconnect:
11: All open channels closed
::ffff:192.168.2.173 : 1 Time(s)
**Unmatched Entries**
pam_krb5[24666]: no v5 creds for user 'mydomain\don', skipping session cleanup
pam_krb5[24664]: authentication fails for 'mydomain\don' (fdidon@FDI.com): User not known to the underlying authentication module (Client not found in Kerberos database)
pam_krb5[24664]: account checks fail for 'mydomain\don': user is unknown
This causes problems with certain 3rd party applications such as ROC Easyspooler web interface where neither local or domain users can be validated (except root).
Output from 3rd party authentication test script (caut, verifies trusted, /etc/password and pam flavor of choice) is as follows for local user.
Authentication dump
service (eg "su") - pam_sudo
user name - buddyj
password (will be echoed) - xxxxxxx
auth_auth: debug 1 inline 0
auth_trusted: getspname found entry User buddyj
sp_namp: buddyj
sp_pwdp: imaskedtheoutput
auth_check_passwd_crypt: glibc2 crypt OK - passed
auth_etc_passswd: getpwnam found entry for User buddyj
pw_name: buddyj
pw_passwd: x
auth_check_passwd_crypt: FAILED (Standard crypt) *****
auth_check_passwd_crypt: Salt x passwd x crypt_result xxcxxxxxnNA
Calling pam_start
pam_start succeeded for service pam_sudo, user buddyj
Calling pam_authenticate
[GUI]Authentication failure for buddyj (PAM Err# 7)
[Result]NOK
Authentication failure for buddyj
and for domain user only
Authentication dump
service (eg "su") - pam_sudo
user name - mydomain\don
password (will be echoed) - xxxxx
auth_auth: debug 1 inline 0
auth_trusted: getspname did not find an entry for User fdi\don
auth_etc_passswd: getpwnam found entry for User mydomain\don
pw_name: don
pw_passwd: *
auth_check_passwd_crypt: FAILED (Standard crypt) *****
auth_check_passwd_crypt: Salt * passwd * crypt_result **7xxxxxxxA
Calling pam_start
pam_start succeeded for service pam_sudo, user mydomain\don
Calling pam_authenticate
[GUI]Authentication failure for mydomain\don (PAM Err# 7)
[Result]NOK
Authentication failure for mydomain\don
This should give you feedback on what it finds t
There are the pertinent changes I made to smb.conf [run testparm to verify typing!]
'#' are my comments for this post, not in my file
[global]
workgroup = mydomain #short domain name
realm = MYDOMAIN.COM #kerbos realm see below should be caps
server string = Test Server #Description type field for server
security = ads #I want Active Directory Service (security?)
password server = 192.168.2.6 192.168.2.7 #my PDC, BDC
template primary group = mycompany #pre-configured group I want as primary
template homedir = /home/%U # for use with pam_mkhomedirso parent has to
# exist. /home/%D/%U will create /home/mydomain/username
template shell = /bin/bash # shell I want them to start up
winbind use default domain = yes # this is supposed to keep you from having to log on as
# as mydomain\username but can just do username
# not working for me yet....
hosts allow = 192.168.2., 192.168.4., 127. #not required but I want to controll what subnets
#can log on
[netlogon] # I uncommented this section, not sure if it wasnecessary
3. Run testparm to make sure it likes the edited file. The FAQ says to restart the services but step 4 requires
a reboot
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
