My Server has installed postfix+sasl+winbindd+samba with SuSE 10.0 I have problems executing "testsaslauthd -u USER -p PASS -s smtp". Output is 0: NO "authentication failed" DEBUG: auth_pam: pam_acct_mgmt failed: Permission denied May 18 12:57:06 saslauthd[31381]: do_auth : auth failure: [user=USER] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error] However in winbind log appears: Verify user `USER` User 'USER' granted access User `USER' not found Wbinfo -u, wbinfo -g, wbinfo -t executes ok File /etc/pam.d/smtp is auth sufficient /lib/security/pam_winbind.so account sufficient /lib/security/pam_winbind.so File /etc/sysconfig/saslauthd is SASLAUTHD_AUTHMECH="pam" SASLAUTHD_FLAGS="-d -V -n0" And /etc/samba/smb.conf is [global] workgroup = GROUP winbind separator = _ idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes password server = 192.168.1.1 realm = 192.168.1.1 interfaces = eth1 auth methods = winbind template shell = /bin/false winbind use default domain = yes encrypt passwords = Yes wins server = 192.168.1.1 Thanks !!
(In reply to comment #0) > My Server has installed postfix+sasl+winbindd+samba with SuSE 10.0 > > I have problems executing "testsaslauthd -u USER -p PASS -s smtp". > Output is 0: NO "authentication failed" > > DEBUG: auth_pam: pam_acct_mgmt failed: Permission denied > May 18 12:57:06 saslauthd[31381]: do_auth : auth failure: > [user=USER] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error] > > However in winbind log appears: > Verify user `USER` > User 'USER' granted access > User `USER' not found ^^^^^^^^^^^^^^^^^^^^^^^^ Do you have winbind in nsswitch.conf ? > Wbinfo -u, wbinfo -g, wbinfo -t executes ok > > File /etc/pam.d/smtp is > > auth sufficient /lib/security/pam_winbind.so > account sufficient /lib/security/pam_winbind.so With this configuration 'account' can only succeed when USER is available over NSS calls. Please make sure "getpwnam USER" succeeds and reopen if this still an issue. (I verified this works with 3.0.23rc2).
(In reply to comment #0) > My Server has installed postfix+sasl+winbindd+samba with SuSE 10.0 > > I have problems executing "testsaslauthd -u USER -p PASS -s smtp". > Output is 0: NO "authentication failed" > > DEBUG: auth_pam: pam_acct_mgmt failed: Permission denied > May 18 12:57:06 saslauthd[31381]: do_auth : auth failure: > [user=USER] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error] > > However in winbind log appears: > Verify user `USER` > User 'USER' granted access > User `USER' not found > > Wbinfo -u, wbinfo -g, wbinfo -t executes ok > > File /etc/pam.d/smtp is > > auth sufficient /lib/security/pam_winbind.so > account sufficient /lib/security/pam_winbind.so > > File /etc/sysconfig/saslauthd is > > SASLAUTHD_AUTHMECH="pam" > SASLAUTHD_FLAGS="-d -V -n0" > > > And /etc/samba/smb.conf is > > [global] > workgroup = GROUP > winbind separator = _ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > password server = 192.168.1.1 > realm = 192.168.1.1 > interfaces = eth1 > auth methods = winbind > template shell = /bin/false > winbind use default domain = yes > encrypt passwords = Yes > wins server = 192.168.1.1 > > Thanks !! >
In nsswitch.conf is there passwd: compat winbind group: compat winbind shadow: compat winbind And I Cannot execute "getpwnam" In which rpm is this command "getpwnam"? > My Server has installed postfix+sasl+winbindd+samba with SuSE 10.0 > > I have problems executing "testsaslauthd -u USER -p PASS -s smtp". > Output is 0: NO "authentication failed" > > DEBUG: auth_pam: pam_acct_mgmt failed: Permission denied > May 18 12:57:06 saslauthd[31381]: do_auth : auth failure: > [user=USER] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error] > > However in winbind log appears: > Verify user `USER` > User 'USER' granted access > User `USER' not found > > Wbinfo -u, wbinfo -g, wbinfo -t executes ok > > File /etc/pam.d/smtp is > > auth sufficient /lib/security/pam_winbind.so > account sufficient /lib/security/pam_winbind.so > > File /etc/sysconfig/saslauthd is > > SASLAUTHD_AUTHMECH="pam" > SASLAUTHD_FLAGS="-d -V -n0" > > > And /etc/samba/smb.conf is > > [global] > workgroup = GROUP > winbind separator = _ > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > password server = 192.168.1.1 > realm = 192.168.1.1 > interfaces = eth1 > auth methods = winbind > template shell = /bin/false > winbind use default domain = yes > encrypt passwords = Yes > wins server = 192.168.1.1 > > Thanks !! > (In reply to comment #1) > (In reply to comment #0) > > My Server has installed postfix+sasl+winbindd+samba with SuSE 10.0 > > > > I have problems executing "testsaslauthd -u USER -p PASS -s smtp". > > Output is 0: NO "authentication failed" > > > > DEBUG: auth_pam: pam_acct_mgmt failed: Permission denied > > May 18 12:57:06 saslauthd[31381]: do_auth : auth failure: > > [user=USER] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error] > > > > However in winbind log appears: > > Verify user `USER` > > User 'USER' granted access > > User `USER' not found > ^^^^^^^^^^^^^^^^^^^^^^^^ > > Do you have winbind in nsswitch.conf ? > > > Wbinfo -u, wbinfo -g, wbinfo -t executes ok > > > > File /etc/pam.d/smtp is > > > > auth sufficient /lib/security/pam_winbind.so > > account sufficient /lib/security/pam_winbind.so > > With this configuration 'account' can only succeed when USER is available over > NSS calls. Please make sure "getpwnam USER" succeeds and reopen if this still > an issue. (I verified this works with 3.0.23rc2). >
* realms must be names and not IP addresses * do not tweak the the 'auth methods' parameter. This is a configuratio issue as far as I can tell and not a bug. Please post to the mailing list for help.