[Pkg-samba-maint] Bug#738817: winbind doesn't permitt offline logon anymore

Piviul piviul at riminilug.it
Thu Feb 13 08:10:58 UTC 2014 

Package: winbind
Version: 2:4.1.4+dfsg-3
Severity: normal

Dear Maintainer,
offline logon doesn't works any more. If you configure winbind in offline logon
if there is no network connection the logon fails even if the password is
correct. These are the logs in auth.log when there is no network connection:

Feb 13 08:47:02 psala-lx2 gdm3][3380]: pam_unix(gdm3:auth): authentication
failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=DOMINIOCSA\psala
Feb 13 08:47:02 psala-lx2 gdm3][3380]: pam_winbind(gdm3:auth): getting password
(0x00004388)
Feb 13 08:47:02 psala-lx2 gdm3][3380]: pam_winbind(gdm3:auth): pam_get_item
returned a password
Feb 13 08:47:02 psala-lx2 gdm3][3380]: pam_winbind(gdm3:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4),
NTSTATUS: NT_STATUS_INVALID_PARAMETER, Error message was: Unexpected
information received
Feb 13 08:47:02 psala-lx2 gdm3][3380]: pam_winbind(gdm3:auth): internal module
error (retval = PAM_SYSTEM_ERR(4), user = 'DOMINIOCSA\psala')

Then I have plug the network cable and restart winbind:
Feb 13 08:47:37 psala-lx2 sshd[2646]: Received signal 15; terminating.
Feb 13 08:47:37 psala-lx2 sshd[3696]: Server listening on 0.0.0.0 port 22.
Feb 13 08:47:37 psala-lx2 sshd[3696]: Server listening on :: port 22.
Feb 13 08:47:47 psala-lx2 sudo: administrator : TTY=tty2 ;
PWD=/home/administrator ; USER=root ; COMMAND=/usr/sbin/service winbind restart
Feb 13 08:47:47 psala-lx2 sudo: pam_unix(sudo:session): session opened for user
root by administrator(uid=0)
Feb 13 08:47:50 psala-lx2 sudo: pam_unix(sudo:session): session closed for user
root

And the logon now is successfully:
Feb 13 08:48:01 psala-lx2 gdm3][3805]: pam_unix(gdm3:auth): authentication
failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=DOMINIOCSA\psala
Feb 13 08:48:01 psala-lx2 gdm3][3805]: pam_winbind(gdm3:auth): getting password
(0x00004388)
Feb 13 08:48:01 psala-lx2 gdm3][3805]: pam_winbind(gdm3:auth): pam_get_item
returned a password
Feb 13 08:48:01 psala-lx2 gdm3][3805]: pam_winbind(gdm3:auth): user
'DOMINIOCSA\psala' granted access
Feb 13 08:48:01 psala-lx2 gdm3][3805]: pam_unix(gdm3:session): session opened
for user DOMINIOCSA\psala by (uid=0)
Feb 13 08:48:01 psala-lx2 gdm3][3805]: pam_ck_connector(gdm3:session): nox11
mode, ignoring PAM_TTY :0
Feb 13 08:48:01 psala-lx2 gdm-launch-environment][2733]: pam_unix(gdm-launch-
environment:session): session closed for user Debian-gdm
Feb 13 08:48:01 psala-lx2 polkitd(authority=local): Unregistered Authentication
Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name
:1.26, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale
it_IT.UTF-8) (disconnected from bus)

This is my smb.conf:
[global]
        workgroup = DOMINIOCSA
        server string = %h server (Samba, Ubuntu)
        security = DOMAIN
        allow trusted domains = No
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        template shell = /bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind offline logon = Yes
        idmap config DOMINIOCSA : range = 10000-25000
        idmap config DOMINIOCSA : backend = rid
        idmap config * : range = 10000-25000
        idmap config * : backend = tdb

If you need some more infos please ask but consider this bug: offline logon can
be very usefull for mobile users!

Piviul



-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages winbind depends on:
ii  libbsd0             0.6.0-1
ii  libc6               2.17-97
ii  libcomerr2          1.42.9-3
ii  libkrb5-26-heimdal  1.6~git20131207+dfsg-1
ii  libldap-2.4-2       2.4.31-1+nmu2+b1
ii  libpopt0            1.16-8
ii  libtalloc2          2.1.0-1
ii  libtdb1             1.2.12-1
ii  libtevent0          0.9.19-1
ii  libwbclient0        2:4.1.4+dfsg-3
ii  multiarch-support   2.17-97
ii  samba               2:4.1.4+dfsg-3
ii  samba-libs          2:4.1.4+dfsg-3

winbind recommends no packages.

Versions of packages winbind suggests:
ii  libnss-winbind  2:4.1.4+dfsg-3
ii  libpam-winbind  2:4.1.4+dfsg-3

-- no debconf information

More information about the Pkg-samba-maint mailing list