Hi All, Well, i've managed to enable some debugging in syslog, I had to put in /etc/syslog.conf
;*.debug on the syslog line. So at least I have an error which is being returned into syslog from winbind. This is what I get from winbind Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie' Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie' granted acces Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting with return code 13 This is what I get from pamsmb (ignore the dates, they are a bit funny for some reason) Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user unix:trainingus er nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC: Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0 Feb 4 20:53:55 coastdr : pam_smb: got back 0 username traininguser Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13 So the error with pamsmb and winbind is the same. I've done a man on login and can only find a description of errors, not the error codes. What is error code 13? If I can find that out it will make looking for it a bit easier. I thought it might be that the shell doens't exist, but I tried making a user with a invalid shell and get back error code 1, so its not that. Ideas? Cheers Miles -----Original Message----- From: Miles Roper Sent: Monday, 3 February 2003 08:54 a.m. To: 'MCCALL,DON (HP-USA,ex1)' Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Thanks for your help, still no luck though. More info for you. with no debug statements in my /etc/pam.conf I get in sys log the following. Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces with debug turned on I get Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser' Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces the user is still logging out. incidentlally, when I log in as a unix user, rather than a win2k user I don't get anything in sys log. I've included my pam.conf below. Also, I checked for /etc/shells, no such file, and I have set my smb.conf shell line to template shell = /sbin/sh and also tried template shell = /usr/bin/sh both files exist. # # PAM configuration # # Authentication management # login auth sufficient /usr/lib/security/libpam_unix.1 debug login auth sufficient /usr/lib/security/libpam_winbind.1 debug #login auth sufficient /usr/lib/security/libpam_smb.1 nolocal debug su auth required /usr/lib/security/libpam_unix.1 debug dtlogin auth required /usr/lib/security/libpam_unix.1 debug dtaction auth required /usr/lib/security/libpam_unix.1 debug ftp auth required /usr/lib/security/libpam_unix.1 debug OTHER auth required /usr/lib/security/libpam_unix.1 debug # # Account management # login account sufficient /usr/lib/security/libpam_unix.1 debug login account sufficient /usr/lib/security/libpam_winbind.1 debug su account required /usr/lib/security/libpam_unix.1 debug dtlogin account required /usr/lib/security/libpam_unix.1 debug dtaction account required /usr/lib/security/libpam_unix.1 debug ftp account required /usr/lib/security/libpam_unix.1 debug # OTHER account required /usr/lib/security/libpam_unix.1 debug # # Session management # login session sufficient /usr/lib/security/libpam_unix.1 debug login session sufficient /usr/lib/security/libpam_winbind.1 debug dtlogin session required /usr/lib/security/libpam_unix.1 debug dtaction session required /usr/lib/security/libpam_unix.1 debug OTHER session required /usr/lib/security/libpam_unix.1 debug # # Password management # login password sufficient /usr/lib/security/libpam_unix.1 debug login password sufficient /usr/lib/security/libpam_winbind.1 debug passwd password required /usr/lib/security/libpam_unix.1 debug passwd password required /usr/lib/security/libpam_winbind.1 debug dtlogin password required /usr/lib/security/libpam_unix.1 debug dtaction password required /usr/lib/security/libpam_unix.1 debug OTHER password required /usr/lib/security/libpam_unix.1 debug Cheers Miles -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Saturday, 1 February 2003 04:53 a.m. To: 'John H Terpstra'; Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON (HP-USA,ex1); 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don > -----Original Message----- > From: John H Terpstra [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 31, 2003 1:36 > To: Miles Roper > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON > (HP-USA,ex1)'; 'Richard Sharpe' > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > On Fri, 31 Jan 2003, Miles Roper wrote: > > > Hi Everyone, > > > > I'm forgetting about the password one at the moment, thanks > for all your > > input :o) > > > > I still don't have a clue how to solve my main problem. > I'm assuming that > > its not actually winbind related now, as I've recently > tried pam_smb and get > > the same basic problem. > > > > Basically, when I log into the UNIX box, the > username/password of a NT user > > is being authenticated, but doesn't actually log in. It > doesn't get past > > the password line. I know it accepts the password. Its > almost as if it > > can't find the shell. But the template variable is set > within the smb.conf > > file. Permissions are fine. I have exactly the same > problem with the > > pam_smb module. > > So what does PAM report into your /var/log files? > > Have you tried adding to each line in your /etc/pam.d/login > (after the .so > file name) the word 'audit' - this will increase the volume > of debugging > info spit out into /var/log/messages, or wherever PAM send > this on your > distro. > > - John T. > > > > > If there is any further information I can send let me know. > > > > Ideas? > > > > Thanks > > > > Miles > > > > > > -----Original Message----- > > From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] > > Sent: Friday, 31 January 2003 07:06 a.m. > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide > > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > > '[EMAIL PROTECTED]'; 'Richard Sharpe' > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > Please Help > > > > > > Hi Everyone, > > This whole problem with the password command not working > when winbind > > is included as a method in the nsswitch.conf can probably > be worked around > > by simply using the -r files (or -r nis or -r nisplus) > switch. Take a look > > at the man page for passwd on HP-UX 11.x and see if this > won't help you > > out. > > Hope this helps, > > Don > > > > > -----Original Message----- > > > From: Michael Steffens [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, January 28, 2003 11:52 > > > To: Ronan Waide > > > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > > > '[EMAIL PROTECTED]'; 'Richard Sharpe' > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally > Stuck, Please Help > > > > > > > > > Ronan Waide wrote: > > > > On January 28, [EMAIL PROTECTED] said: > > > > > > > >>I don't have HPUX, so I don't know what to suggest for > > > that. I just know > > > >>getent won't work without winbindd in nsswitch.conf on Linux. > > > > > > > > > > > > I think the point that was being made is that NSS support > > > on HPUX only > > > > supports a few known types, of which one is LDAP. The > discussion was > > > > basically about faking out the system so that what it > thinks is LDAP > > > > is actually winbind. > > > > > > Yep. It's a HP-UX specific workaround. Please ignore it > > > everywhere else. > > > > > > Michael > > > > > > > > > > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba