[Samba] Unknown PAM failiure in WIN2003/ Active Directory + samba

Hello,

I have an existing windows 2003 network and now try to add a new linux
server with samba/kerberos support for unified logon authentication.
Normally, everything is installed & this is the configuration:


- Debian with 2.6.16.4 kernel=20
- heimdal kerberos
- samba log info:=09
log.smbd:
[2005/10/17 10:48:26, 0] smbd/server.c:main(798)
smbd version 3.0.14a-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2004

log.nmbd:
[2005/10/17 10:48:26, 0] nmbd/nmbd.c:main(668)
Netbios nameserver version 3.0.14a-Debian started.
Copyright Andrew Tridgell and the Samba Team 1994-2004

log.winbind:
[2005/10/17 10:48:37, 1] nsswitch/winbindd.c:main(864)
winbindd version 3.0.14a-Debian started.
Copyright The Samba Team 2000-2004


There are no errors in the logging when i start the services

- smb.conf (testparm)

# Global parameters
[global]
workgroup =3D TEST
realm =3D TEST.LOCAL
server string =3D %h server (Samba %v)
security =3D ADS
obey pam restrictions =3D Yes
password server =3D mainserver.test.local
passdb backend =3D tdbsam, guest
passwd program =3D /usr/bin/passwd %u
passwd chat =3D *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
syslog =3D 0
log file =3D /var/log/samba/log.%m
max log size =3D 1000
dns proxy =3D No
panic action =3D /usr/share/samba/panic-action %d
idmap uid =3D 10000-20000
idmap gid =3D 10000-20000
invalid users =3D root

[homes]
comment =3D Home Directories
create mask =3D 0700
directory mask =3D 0700
browseable =3D No

[webcontrol]
comment =3D Webcontrol test
path =3D /disk2/test
guest ok =3D Yes

[printers]
comment =3D All Printers
path =3D /tmp
create mask =3D 0700
printable =3D Yes
browseable =3D No

[print$]
comment =3D Printer Drivers
path =3D /var/lib/samba/printers



- nsswitch.conf

passwd: files winbind
group: files winbind
shadow: compat

hosts: files dns winbind
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis


My krb5.conf:

[libdefaults]
default_realm =3D TEST.LOCAL
krb4_get_tickets =3D false
clockskew =3D 300

[realms]
TEST.LOCAL =3D {
kdc =3D MAINSERVER.TEST.LOCAL
admin_server =3D 192.168.0.10
}


[domain_realm]
mainserver.test.local =3D TEST.LOCAL



In my /etc/pam.d/samba file i have:
@include common-auth
@include common-account
@include common-session
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so




When i do kinit Administrator@TEST.LOCAL:
primsquid:/etc/samba# kinit Administrator@TEST.LOCAL
Administrator@TEST.LOCAL's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week


When i do=20
Getent passwd, i get all the information. Getent users gives me also
information

When i try to connect from a windows client, i get a logon screen and
when i fill in my windows Administrator user or another one, the logon
windows comes up again.

In my loggings i get after trying:

Log.smbd:
[2005/10/17 11:26:28, 0] smbd/server.c:main(798)
smbd version 3.0.14a-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2004


Log.nmbd:
[2005/10/17 11:26:28, 0] nmbd/nmbd.c:main(668)
Netbios nameserver version 3.0.14a-Debian started.
Copyright Andrew Tridgell and the Samba Team 1994-2004


Log.winbind:
[2005/10/17 11:26:36, 1] nsswitch/winbindd.c:main(864)
winbindd version 3.0.14a-Debian started.
Copyright The Samba Team 2000-2004


In the new added logfile from the windows pc i tried to connect:

[2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: TEST\phil
[2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
TEST\phil!
[2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: TEST\phil
[2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
TEST\phil!
[2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: TEST\phil
[2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
TEST\phil!
[2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: TEST\phil
[2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
TEST\phil!
[2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: TEST\phil
[2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
TEST\phil!
[2005/10/17 11:27:05, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: TEST\administrator
[2005/10/17 11:27:05, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
TEST\administrator!



On the windowsXP pc, i am logged in as phil and when i connect and i get
a logon, i tried TEST\Administrator



I don't find alot of good information about this error, but i hope that
someone can help me out.


Thnx & Grtz,
Phil.

=09










--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba