PAM rlogin Winbind - Solaris - NT Domain

From: Sundaram Ramasamy (sun@percipia.com)
Date: Tue Dec 10 2002 - 09:33:34 EST


Hi,

I am trying to install winbind PAM on my Solaris 8 machine. The Samba server
has been added to the domain as a member
server, and things like getent passwd and getent group actually work and show the
NT domain accounts.

Since it's a production machine, I first want to enable winbind authentication
for the rlogin service only. I made a change in my /etc/pam.conf, but I was not able to
log in. The same configuration works on a Linux machine.

I am attaching my configuration files. Please help me.

Thanks
SR

$ rlogin techgroup+guest@192.168.1.131
Password:
Login incorrect
rlogin: connection closed.

bash-2.03# ls /export/home/guest
bash-2.03#

 tail -f /var/adm/messages
Dec 10 09:26:03 pnet login[1622]: [ID 468494 auth.crit] login account failure:
No account present for user

bash-2.03# /usr/local/samba/bin/wbinfo -t
Secret is good

***Versions:***
Solaris 8
Samba 2.2.7 compiled --with-pam --with-winbind

more /etc/nsswitch.conf

passwd: files winbind
group: files winbind

***smb.conf***

[global]
# Server-wide settings as posted: Samba runs as an NT domain member
# (security = DOMAIN) and winbind maps domain users and groups onto the
# local uid/gid ranges given below.
# printing = bsd
# printcap name = /etc/printcap
# load printers = yes
   # Unix account that guest sessions run as (see "guest ok" in [share]).
   guest account = pcguest

    workgroup = TECHGROUP
    #security = Share
    # Domain-member mode: passwords are checked by the domain controller
    # named in "password server", not against a local password database.
    security = DOMAIN
   ENCRYPT PASSWORDS = YES
   password server = enterprise
    # Access list. The trailing-dot entry "192.168.1." matches every address
    # with that prefix, so the single host 192.168.1.140 is already covered.
    # Where the allow and deny lists conflict the allow list takes precedence,
    # so "hosts deny = All" acts as default-deny for everything not listed.
    hosts allow = localhost, pnet, 192.168.1.140, 192.168.1.
    hosts deny = All

    # use uids from 10000 to 20000 for domain users
    winbind uid = 10000-20000

    # use gids from 10000 to 20000 for domain groups
    winbind gid = 10000-20000

    # allow enumeration of winbind users and groups
    winbind enum users = yes
    winbind enum groups = yes

    # give winbind users a real shell (only needed if
    # they have telnet access)
    # Home directory reported for winbind users; %U is replaced by the
    # user name.
    template homedir = /export/home/%U
    #template homedir = /home/%U
    template shell = /bin/bash
        # Character between domain and user name; this is why the failing
        # login in the transcript is written techgroup+guest.
        winbind separator = +

        # This host is a WINS client of 192.168.1.135 rather than a WINS
        # server itself.
        wins support = no
        wins server = 192.168.1.135
        name resolve order = hosts lmhosts bcast

; This next option sets a separate log file for each client. Remove
; it if you want a combined log file.
        log file = /var/log/log.%m
        log level = 2

; You will need a world readable lock directory and "share modes=yes"
; if you want to support the file sharing modes for multiple users
; of the same files
  lock directory = /usr/local/samba/var/locks
  share modes = yes

# Per-user home directory share. "browseable = no" keeps the [homes] entry
# itself out of browse lists; "create mode" (a synonym of "create mask")
# limits the permission bits of files created through the share to 0750.
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mode = 0750

# Printer spool share. "public = no" (a synonym of "guest ok = no") refuses
# guest connections; spool files are created with at most mode 0700.
[printers]
   comment = All Printers
   browseable = no
   printable = yes
   public = no
   writable = no
   create mode = 0700

# General file share.
# NOTE(review): "guest ok = Yes" together with "read only = No" makes this
# share writable without a password for any session that is mapped to the
# guest account (pcguest in [global]). The only network restriction visible
# in this file is the hosts allow / hosts deny pair in [global] - confirm
# that guest write access is intended on a production host.
[share]
        path = /export/home/share
        comment = Solaris share
        guest ok = Yes
        read only = No

bash-2.03# more /etc/pam.conf
#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
# Entry format: <service> <module type> <control flag> <module path> [options].
# Entries for the same service and type form a stack that is evaluated in the
# order listed.
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#

# rlogin auth stack (the one changed for the winbind test):
#  1. pam_rhosts_auth, "sufficient": a trusted-host (.rhosts / hosts.equiv)
#     match authenticates the user without any password.
#  2. pam_winbind, "sufficient": success against the NT domain ends the stack;
#     "debug" makes the module log more detail to syslog.
#  3. pam_unix, "required": local password check; try_first_pass reuses the
#     password already typed for the earlier module before prompting again.
# NOTE(review): the pam_winbind path has no $ISA component, unlike every other
# module here - check that the installed pam_winbind.so matches the
# architecture of the program that loads this stack.
# NOTE(review): rlogin does not encrypt the session, so a password typed at
# its prompt, here an NT domain password, crosses the network in clear text.
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_winbind.so debug
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# rsh authenticates by trusted-host match only; services without entries of
# their own use the "other" line.
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
# NOTE(review): there is no "rlogin account" entry in this section, so account
# checks for rlogin fall through to the "other" entries below (pam_roles, then
# pam_unix). The syslog line in the post, "login account failure: No account
# present for user", is reported at this account stage, after the password
# prompt. Presumably pam_unix cannot find the winbind-provided user in the
# local account databases; an account entry that references pam_winbind.so for
# the affected service is the likely missing piece - confirm against the Samba
# winbind documentation for Solaris.
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
# Every service uses pam_unix for session handling; no winbind module is
# referenced in the session or password sections.
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/$ISA/pam_unix.so.1
# Note: the next entry is an auth entry for dtsession even though it sits
# under the "Password management" heading.
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
# All entries below are commented out, so Kerberos is not in use.
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
# NOTE(review): the two fragments that follow look like the mail client's line
# wrap of the try_first_pass option on the commented dtlogin line above. As
# bare lines in a real /etc/pam.conf they would not be valid entries - confirm
# that the file on disk keeps them on the commented line.
try_first_p
ass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1