# Samba, Winbind Works - FBSD Client Won' Auth



## ter2007 (Aug 29, 2010)

Setup: Freebsd 7.3. Original ports from the CD i.e. Not upgraded at all.

Using Samba34-3.4.5_1.

I have been using for Samba for quite some time, and have had hardly any trouble using Winblows clients. The most trouble I have ever had is using FreeBSD Samba client using winbind although I have always been able to get it to work except now I can't get it to work.

My Windows clients are working just fine. FreeBSD client works except when I put in the following lines into /etc/pam.d/system, I can't login at all with any account - either remote or local.


```
auth		sufficient	/usr/local/lib/pam_winbind.so 	try_first_pass

account		sufficient 	/usr/local/lib/pam_winbind.so

password	sufficient 	/usr/local/lib/pam_winbind.so	try_first_pass
```

and these are put into the file at the appropiate places:


```
#
# $FreeBSD: src/etc/pam.d/system,v 1.1.34.1 2010/02/10 00:26:20 kensmith Exp $
#
# System-wide defaults
#

# auth
auth		sufficient	pam_opie.so			no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so		no_warn allow_local
auth		sufficient	/usr/local/lib/pam_winbind.so 	try_first_pass
#auth		sufficient	pam_krb5.so			no_warn try_first_pass
#auth		sufficient	pam_ssh.so			no_warn try_first_pass
auth		required	pam_unix.so			no_warn try_first_pass nullok

# account
account		sufficient 	/usr/local/lib/pam_winbind.so
#account 	required	pam_krb5.so
account		required	pam_login_access.so
account		required	pam_unix.so

# session
#session 	optional	pam_ssh.so
session		required	pam_lastlog.so			no_fail

# password
password	sufficient 	/usr/local/lib/pam_winbind.so	try_first_pass
#password	sufficient	pam_krb5.so			no_warn try_first_pass
password	required	pam_unix.so			no_warn try_first_pass
```

My /etc/nsswitch.conf file is:


```
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.12.1 2010/02/10 00:26:20 kensmith Exp $
#
#group: compat
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
#passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
```

and the only changes that I have made are to group and passwd. I removed compat and put in files winbind.

Now everything works: wbinfo -t, wbinfo -u, and everything else I can think of to test. It seems to me then that the problem is with pam_winbind.so or something in nsswitch.conf and NIS that I have not discovered yet. To restate, the problem starts when I put the suffcient winbind lines in /etc/pam.d/system.

I have googled and studied and I'm stuck.

I am getting ready to try pam_smb-2.0.0.r6, but I think it should work with pam_winbind.so.


----------



## ter2007 (Aug 29, 2010)

*Would Like to Add*

I would like to add:

I see that NIS has been added to nsswitch.conf. It seems then that passwd and group info has to come from NIS now even though I have not configured NIS. Now I am weak in configuring NIS on freebsd. Just briefly looked it over and have not been into it any depth.


----------



## ter2007 (Aug 30, 2010)

I would like to add some additional information: When I try to log in with a correct samba username and password, the login does not occur; it just goes back to the login prompt. If I try to login with an incorrect password, it echos "wrong password." It seems that it is working but just won't let me start a terminal. I am perplexed.


----------

