Ok I got around the problem of /bin/false shell ! I rechecked all the configs and joined the machines to to domain again using
net join ads -w asurite -U Administrator -S <server-name> and it showed proper login shell in getent output! So users can login now, and thanks to Philipoff's excellent suggestion, I have given ssh access only to admins group using pam_succeed_if.so Only issue now is , intermittently winbind seems to die and getent produces no output , and users cannot login , the /var/log/secure entries are Jun 5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): pam_winbind_request: read from socket failed! Jun 5 16:06:24 mymachine sshd[15223]: pam_winbind(sshd:account): internal module error (retval = 3, user = 'abhinan') Jun 5 16:06:24 mymachine sshd[15223]: Failed password for abhinan from 129.219.249.116 port 50991 ssh2 Jun 5 16:06:24 mymachine sshd[15224]: fatal: Access denied for user abhinan by PAM account configuration A restart of winbind service fixes this problem. Also during this, the winbindd log shows error regarding DCERPC_FAULT_ACCESS_DENIED . So thanks to all here, apart from this issue my original problem is solved now! Cheers On Thursday 05 June 2008 08:25:34 Gerald (Jerry) Carter wrote: > Aniket Bharaswadkar wrote: > > I already had template shell = /bin/bash in my smb.conf, and still > > winbind was reporting the shell as /bin/false. This is the real problem. > > Winbind seems to ignore the template shell directive from the config > > file!!! First I tried with a manually edited file, next I configured > > using authconfig-gtk in fedora, both give same results (ie shell > > reported as /bin/false. I am posting my current smb.conf here. > > Are you absolutely sure you restarted winbindd after making > any config changes? Also in current versions the nss_info data > is cached for a period of "winbind cache time seconds" so you may > need to purge winbindd_cache.tdb. Also check for any other > caching services (e.g. nscd) outside of winbindd. > > > > cheers, jerry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba