dombrowsky |
08-18-2008 04:27 PM |
pure-ftpd with winbind, cannot authenticate
Its a shot in the dark, but I've wasted too much time to just go home empty handed today.
I've been trying all day to get pure-ftpd to work using winbind and active directory. I've set samba up and connected everything to the domain controler. These work fine:
* using "getent passwd" lists all the domain users along with the local
* using "wbinfo -a user%pass" authenticates with active directory
However, no matter what I do, if I try to log into the ftp site using a domain user, I get:
Code:
Aug 18 17:17:09 crm pure-ftpd(pam_unix)[14673]: could not identify user (from getpwnam(rjersey))
Aug 18 17:17:09 crm (IDLE)[14673]: (?@rome.com) [WARNING] Authentication failed for user [rjersey]
Aug 18 17:17:12 crm (IDLE)[14673]: (?@rome.com) [INFO] Logout.
log of winbindd ->
Code:
[2008/08/18 17:17:09, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
[14673]: request interface version
[2008/08/18 17:17:09, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
[14673]: request location of privileged pipe
[2008/08/18 17:17:09, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(751)
[14673]: pam auth rjersey
(and then nothing...)
/etc/pam.d/pure-ftpd ->
Code:
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_pwdb.so use_first_pass shadow nullok
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
/etc/pam.d/system-auth ->
Code:
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
anyone have a clue? I'm not the first sysadmin who has hit this wall on configuring this server. In fact, the project has outlived 2 other administrators. Any help would be well appreciated.
|