linux client auth failure against PDC

Matt Finlayson
subject: linux client auth to samba pdc fails

I have a problem getting linux clients to authenticate against a Samba PDC.
/etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so debug
auth        sufficient    /lib/security/$ISA/pam_unix.so debug likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal
auth        required      /lib/security/$ISA/pam_deny.so debug

account     required      /lib/security/$ISA/pam_unix.so debug
account     sufficient    /lib/security/$ISA/pam_succeed_if.so debug uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so debug

password    requisite     /lib/security/$ISA/pam_cracklib.so debug retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so debug nullok use_authtok md5
#password    sufficient    /lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal
password    required      /lib/security/$ISA/pam_deny.so debug

session     required      /lib/security/$ISA/pam_limits.so debug
session     required      /lib/security/$ISA/pam_unix.so debug

/etc/pam_smb.conf
"my domain"
"my Server"
none

When I try to logon to the linux client machine with a username and
password stored in samba I get the following error message in
/var/log/samba/%m.logfile

[2005/11/17 14:21:53, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not exist.
[2005/11/17 14:21:53, 3] smbd/server.c:exit_server(652)
  Server exit (normal exit)

I need help fixing this.  The goal is to have a Samba PDC server that will
authenticate both Windows and linux clients using the same password.
Windows clients rely on the samba PDC for user info, authentication, user
network shares, etc.  And Linux clients rely on ldap for user info
(/etc/password type stuff), nfs for access to user network share, and samba
for authentication.  This setup works on our old platform; RH9, samba
2.something, ldapV2.2.13 but I cannot get smb auth to work for the linux
clients.

Any help?

My apologies for poor etiquette in posting this to
[hidden email] and [hidden email]

Thanks,

--
Matt Finlayson
Information Technology Specialist
School of Engineering and Computer Science
Washington State University Vancouver
360-546-9481

It has been said, “A day that is without troubles is not fulfilling.
Rather, give me a day of troubles well handled so that I can be content
with my achievements.”






Re: linux client auth failure against PDC

Matt Finlayson



Matt Finlayson wrote:

> subject: linux client auth to samba pdc fails
>
> I have a problem getting linux clients to authenticate against a Samba PDC.
> /etc/pam.d/system-auth
>
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so debug
> auth        sufficient    /lib/security/$ISA/pam_unix.so debug likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal
> auth        required      /lib/security/$ISA/pam_deny.so debug
>
> account     required      /lib/security/$ISA/pam_unix.so debug
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so debug uid < 100 quiet
> account     required      /lib/security/$ISA/pam_permit.so debug
>
> password    requisite     /lib/security/$ISA/pam_cracklib.so debug retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so debug nullok use_authtok md5
> #password    sufficient    /lib/security/$ISA/pam_smb_auth.so debug use_first_pass nolocal
> password    required      /lib/security/$ISA/pam_deny.so debug
>
> session     required      /lib/security/$ISA/pam_limits.so debug
> session     required      /lib/security/$ISA/pam_unix.so debug
>
> /etc/pam_smb.conf
> "my domain"
> "my Server"
> none
>
> When I try to logon to the linux client machine with a username and
> password stored in samba I get the following error message in
> /var/log/samba/%m.logfile
>
> [2005/11/17 14:21:53, 2] smbd/server.c:exit_server(609)
>   Closing connections
> [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to
> [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76)
>   yield_connection: tdb_delete for name  failed with error Record does not exist.
> [2005/11/17 14:21:53, 3] smbd/server.c:exit_server(652)
>   Server exit (normal exit)
>
> I need help fixing this.  The goal is to have a Samba PDC server that will
> authenticate both Windows and linux clients using the same password.
> Windows clients rely on the samba PDC for user info, authentication, user
> network shares, etc.  And Linux clients rely on ldap for user info
> (/etc/password type stuff), nfs for access to user network share, and samba
> for authentication.  This setup works on our old platform; RH9, samba
> 2.something, ldapV2.2.13 but I cannot get smb auth to work for the linux
> clients.
>
> Any help?
>
> My apologies for poor etiquette in posting this to
> [hidden email] and [hidden email]
>
> Thanks,
>


The error is generated from smbd/connection.c:

/****************************************************************************
  Delete a connection record.
****************************************************************************/

BOOL yield_connection(connection_struct *conn, const char *name)
{
         struct connections_key key;
         TDB_DATA kbuf;

         if (!tdb)
                 return False;

         DEBUG(3,("Yielding connection to %s\n",name));

         make_conn_key(conn, name, &kbuf, &key);

         if (tdb_delete(tdb, kbuf) != 0) {
                 int dbg_lvl = (!conn && (tdb_error(tdb) == TDB_ERR_NOEXIST)) ? 3 : 0;
                 DEBUG(dbg_lvl,("yield_connection: tdb_delete for name %s failed with error %s.\n",
                         name, tdb_errorstr(tdb) ));
                 return (False);
         }

         return(True);
}



You will notice that %s does not have any value listed when it is
printed to the log file...
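
The log excerpt and the quoted yield_connection() source can be cross-checked mechanically. The following is an added example, not part of the original thread or of Samba: it parses smbd log records in the format shown in the post and maps the tdb_delete failure onto the dbg_lvl expression in the quoted source. The sample log is constructed from the post with mail wrapping undone, and the function names parse_records and triage are hypothetical.

```python
import re

# Constructed sample: the smbd records from the post, mail line-wrapping undone.
SAMPLE_LOG = """\
[2005/11/17 14:21:53, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not exist.
[2005/11/17 14:21:53, 3] smbd/server.c:exit_server(652)
  Server exit (normal exit)
"""

HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)\s*$")
TDB_MSG = re.compile(r"tdb_delete for name (.*?) failed with error (.*?)\.?$")

def parse_records(text):
    """Attach each message line (and any wrapped continuation) to its
    '[timestamp, level] file:function(line)' header."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            ts, level, src, func, line = m.groups()
            records.append({"ts": ts, "level": int(level), "src": src,
                            "func": func, "line": int(line), "msg": ""})
        elif records and raw.strip():
            rec = records[-1]
            rec["msg"] = (rec["msg"] + " " + raw.strip()).strip()
    return records

def triage(text):
    """Report yield_connection tdb_delete failures and the source branch they imply."""
    findings = []
    for rec in parse_records(text):
        m = TDB_MSG.search(rec["msg"])
        if rec["func"] != "yield_connection" or not m:
            continue
        # Quoted source: dbg_lvl = (!conn && tdb_error(tdb) == TDB_ERR_NOEXIST) ? 3 : 0
        debug_only = rec["level"] == 3
        findings.append({
            "name_empty": m.group(1).strip() == "",
            "error": m.group(2),
            "debug_only": debug_only,
            "implies": "conn == NULL and TDB_ERR_NOEXIST" if debug_only else "other failure",
        })
    return findings

print(triage(SAMPLE_LOG))
```

For the excerpt in the post this reports one finding: an empty name, logged at level 3, which per the quoted expression is the branch taken when no connection struct was passed and the record was already absent.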