ADS authenentication & Samba/Winbind

Sorry for the long post, but any help would be appreciated!

I have two RH AS4 boxes. I have configured both to authenticate against my windows ADS.
The only difference between the machines is one is a 32-bit build and the other is a 64-bit build.
Linux 64bit.mydomain.com 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:24:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
Linux 32bit.mydomains.com 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:28:02 EDT 2006 i686 i686 i386 GNU/Linux

Both machines allow domain users to login to standard services, ssh or ftp for example.
Home directories are created when they login in on either machine. ntlm_auth and getent works on both systems.

My 32-bit machine will allow 3rd part aps (those I've tested) to authenticate the users, but the same apps fail to authenticate the same users on the 64-bit machine.

I have compared the following files (they are the same bytes even!)
/etc/pam.d/system-auth
/etc/pam.d/squid
/etc/pam.d/samba
/etc/samba/smb.conf
/etc/hosts
/etc/sysconfig/iptables
/etc/sysconfig/samba
/etc/sysconfig/authconfig
/etc/sysconfig/network
/etc/sysconfig/squid
/etc/sysconfig/saslauthd
/etc/krb5.conf
/etc/nsswitch.conf
/etc/pam_smb.conf
/etc/log.d/conf/services/pam.conf

Both machines are running the same services.

In the /var/log/samba directory:
smbd.log are similiar.
nmbd.log: The 32-bit machine promotes itself as local browser master, the 64-bit machine
doesn't , otherwise all entries are the same.

/var/log/message and /var/log/secure shows the same sequence on login on either machine.

A 3rd party vendor gave me a utility that calls pam-auth and outputs debug info call caut.Notice that the module called auth_etc_passwd passes on 32-bit but not on the 64-bit.

32-bit output (passwords x'd out!):

[root@ tmp]# ./caut

Authentication dump
service (eg "su") -
user name - mydomain\buddyj
password (will be echoed) - xxxxxx
auth_auth: debug 1 inline 0
auth_trusted: getspname did not find an entry for User mydomain\buddyj
auth_etc_passswd: getpwnam found entry for User mydomain\buddyj
pw_name: buddyj
pw_passwd: *
auth_check_passwd_crypt: FAILED (Standard crypt) *****
auth_check_passwd_crypt: Salt * passwd * crypt_result **XXXXXXXXXX
Calling pam_start
pam_start succeeded for service , user mydomain\buddyj
Calling pam_authenticate
[GUI]Authentication failure for mydomain\buddyj (PAM Err# 7)
[Result]NOK
Authentication failure for mydomain\buddyj

64-bit output:
root@64bit caut]# ./caut

Authentication dump
service (eg "su") -
user name - mydomain\buddyj
password (will be echoed) - xxxxx
auth_auth: debug 1 inline 0
auth_trusted: getspname did not find an entry for User mydomain\buddyj
auth_etc_passwd: getpwnam did not find an entry for User mydomain\buddyj
Calling pam_start
pam_start succeeded for service , user mydomain\buddyj
Calling pam_authenticate
[GUI]Authentication failure for mydomain\buddyj (PAM Err# 7)
[Result]NOK
Authentication failure for mydomain\buddyj

I can't find any config difference! How else can you determine configuration differences between two machines? Any suggestions?

I'll post a follow up of the steps I used on both machines.

Thanx!
Buddy


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Relevant Pages