LINUX.ORG.RU
решено ФорумAdmin

pam_winbind работает только для админа домена AD


0

0

hi! Samba 3.5.4 на Centos 5.5. Аутентификация в АД работает только для одного логина, который является админом домена.

Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): [pamh: 0x9437ed8] ENTER: pam_sm_authenticate (flags: 0x0000)
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): getting password (0x00000011)
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): pam_get_item returned a password
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): Verify user 'sanches'
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): request wbcLogonUser succeeded
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): user 'sanches' granted access
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): Returned user was 'sanches'
Jul  7 16:08:07 centos gdm[2243]: pam_winbind(gdm:auth): [pamh: 0x9437ed8] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS)
Jul  7 16:08:08 centos gdm[2243]: pam_winbind(gdm:setcred): [pamh: 0x9437ed8] ENTER: pam_sm_setcred (flags: 0x0002)
Jul  7 16:08:08 centos gdm[2243]: pam_winbind(gdm:setcred): PAM_ESTABLISH_CRED not implemented
Jul  7 16:08:08 centos gdm[2243]: pam_winbind(gdm:setcred): [pamh: 0x9437ed8] LEAVE: pam_sm_setcred returning 0 (PAM_SUCCESS)
Jul  7 16:08:08 centos gdm[2243]: pam_unix(gdm:session): session opened for user sanches by (uid=0)

Есть еще тестовый пользователь домена test. Вот его лог, где видно, что pam_winbind в игноре

Jul  7 16:16:56 centos gdm[2243]: pam_unix(gdm:auth): check pass; user unknown
Jul  7 16:16:56 centos gdm[2243]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= 
Jul  7 16:16:56 centos gdm[2243]: pam_succeed_if(gdm:auth): error retrieving information about user test
Куда копать?

Ответ на: комментарий от tux2002

wbinfo -u | grep test
test
cat /etc/samba/smb.conf 
 
[global]
log file = /var/log/samba/log.%m

null passwords = yes 

interfaces = 192.168.50.12/255.255.255.0 

hosts allow = 192.168.50. 127.0.0.1

encrypt passwords = yes
idmap backend = rid

idmap cache time = 1
idmap negative cache time = 1
winbind cache time = 1

auth methods = winbind
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes

template homedir = /home/%U
template shell = /bin/bash



name resolve order = hosts wins bcast lmhosts
case sensitive = no
dns proxy = no

netbios name = centos


password server = big.dom.ru 

realm = DOM.RU  

client use spnego = yes
client signing = yes
local master = no
domain master = no
preferred master = no

workgroup = DOM

debug level = 2
security = ads
dos charset = 866

unix charset = UTF-8
max log size = 50
os level = 0
wins server = 192.168.50.2


[upload]
comment = Upload
path = /tmp
browseable = yes
writeable = yes
directory mask = 0777
create mask = 0666
valid users = @”Администраторы домена”, DOM.RU\Пользователь
macumazan ★★
() автор топика
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.