Setup: Freebsd 7.3. Original ports from the CD i.e. Not upgraded at all.
Using Samba34-3.4.5_1.
I have been using for Samba for quite some time, and have had hardly any trouble using Winblows clients. The most trouble I have ever had is using FreeBSD Samba client using winbind although I have always been able to get it to work except now I can't get it to work.
My Windows clients are working just fine. FreeBSD client works except when I put in the following lines into /etc/pam.d/system, I can't login at all with any account - either remote or local.
and these are put into the file at the appropiate places:
My /etc/nsswitch.conf file is:
and the only changes that I have made are to group and passwd. I removed compat and put in files winbind.
Now everything works: wbinfo -t, wbinfo -u, and everything else I can think of to test. It seems to me then that the problem is with pam_winbind.so or something in nsswitch.conf and NIS that I have not discovered yet. To restate, the problem starts when I put the suffcient winbind lines in /etc/pam.d/system.
I have googled and studied and I'm stuck.
I am getting ready to try pam_smb-2.0.0.r6, but I think it should work with pam_winbind.so.
Using Samba34-3.4.5_1.
I have been using for Samba for quite some time, and have had hardly any trouble using Winblows clients. The most trouble I have ever had is using FreeBSD Samba client using winbind although I have always been able to get it to work except now I can't get it to work.
My Windows clients are working just fine. FreeBSD client works except when I put in the following lines into /etc/pam.d/system, I can't login at all with any account - either remote or local.
Code:
auth sufficient /usr/local/lib/pam_winbind.so try_first_pass
account sufficient /usr/local/lib/pam_winbind.so
password sufficient /usr/local/lib/pam_winbind.so try_first_passand these are put into the file at the appropiate places:
Code:
#
# $FreeBSD: src/etc/pam.d/system,v 1.1.34.1 2010/02/10 00:26:20 kensmith Exp $
#
# System-wide defaults
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_winbind.so try_first_pass
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account sufficient /usr/local/lib/pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient /usr/local/lib/pam_winbind.so try_first_pass
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_passMy /etc/nsswitch.conf file is:
Code:
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.12.1 2010/02/10 00:26:20 kensmith Exp $
#
#group: compat
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
#passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: filesand the only changes that I have made are to group and passwd. I removed compat and put in files winbind.
Now everything works: wbinfo -t, wbinfo -u, and everything else I can think of to test. It seems to me then that the problem is with pam_winbind.so or something in nsswitch.conf and NIS that I have not discovered yet. To restate, the problem starts when I put the suffcient winbind lines in /etc/pam.d/system.
I have googled and studied and I'm stuck.
I am getting ready to try pam_smb-2.0.0.r6, but I think it should work with pam_winbind.so.