On Fri, Sep 15, 2006 at 11:42:12AM -0300, Felipe Augusto van de Wiel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/12/2006 06:50 PM, Matt Herzog escreveu: > > I have the winbind login working on FC5 but now logins to local accounts > > cannot authenticate. > > > > My config files are here: > > > > http://www.pigeonnier.org/nsswitch.conf > > http://www.pigeonnier.org/pam.d/ > > http://www.pigeonnier.org/krb.conf > > > > Again, if I try to ssh in as a user that exists only as a local account on > > the remote > > host, I am rejected. User msh is -not- a AD account and only exists on the > > FC5 server "province" > > > >>From the /var/log/secure file: > > > > Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo > > for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT! > > Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication > > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh > > Sep 12 16:58:35 province sshd[11521]: Failed password for msh from > > 198.76.121.62 port 58069 ssh2 > > Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): > > requirement "uid < 100" not met by user "msh" > > Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by > > PAM account configuration > > Well, for some reason your pam requires that your user has > an uid less than 100, I don't know why, but it doesn't looks like > to be related with Samba. > > Kind regards,
Thanks. My problem was solved by Red Hat's authconfig utility. I am still kicking myself for not having run it before. As it turns out, Red Hat's PAM config for winbind authentication puts the line: session sufficient pam_mkhomedir.so skel=/etc/skel umask=0027 in /etc/pam.d/sshd while in Debian that same line needs to be in /etc/pam.d/system-auth. -- Announcing your plans is a good way to hear the gods' laughter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba