Prev: Iceweasel (from backports) keeps busy cursor at startup
Next: Transferring files over SSH in the console
From: Florian Pressler on 22 Mar 2010 09:30
Sjoerd Hardeman <sjoerd <at> lorentz.leidenuniv.nl> writes:

> > Mar 22 13:24:48 fp passwd[2001]: pam_winbind(passwd:chauthtok): valid_user:
> > wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
> So you're trying to authenticate against a windows domain controller. Is
> that indeed your setup?

Absolutely not. I wonder how this configuration came in place, considering I
installed the server recently from scratch and edited configuration-files very
carefully and tried to understand every single thing I changed anywhere. I
installed samba, though, and edited its configurationfile smb.conf. I'll have to
look into this issue and find out where this is configured (in /etc/pam.d/ I
guess) and change it. Thanks for the hint.

> > airflow <at> fp:/$ lsattr /usr/bin/passwd
> > ------------------- /usr/bin/passwd
> That doesn't look strange.

Good! :)

> Sjoerd
> PS. I'm on the list, you don't need to send the mail to my address as well.

Sorry - I just switched from mailing-list to gmane and wanted to send it to you
in CC, which isn't possible in gmane.

Regards,
Florian


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/loom.20100322T134818-838(a)post.gmane.org
From: Sjoerd Hardeman on 22 Mar 2010 10:10
Florian Pressler schreef:
> Sjoerd Hardeman <sjoerd <at> lorentz.leidenuniv.nl> writes:
>
>>> Mar 22 13:24:48 fp passwd[2001]: pam_winbind(passwd:chauthtok): valid_user:
>>> wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
>> So you're trying to authenticate against a windows domain controller. Is
>> that indeed your setup?
>
> Absolutely not. I wonder how this configuration came in place, considering I
> installed the server recently from scratch and edited configuration-files very
> carefully and tried to understand every single thing I changed anywhere. I
> installed samba, though, and edited its configurationfile smb.conf. I'll have to
> look into this issue and find out where this is configured (in /etc/pam.d/ I
> guess) and change it. Thanks for the hint.
Samba shouldn't do that. Strange indeed, but good to hear it's solved now.
>
>>> airflow <at> fp:/$ lsattr /usr/bin/passwd
>>> ------------------- /usr/bin/passwd
>> That doesn't look strange.
>
> Good! :)
>
>> Sjoerd
>> PS. I'm on the list, you don't need to send the mail to my address as well.
>
> Sorry - I just switched from mailing-list to gmane and wanted to send it to you
> in CC, which isn't possible in gmane.
No problem.

Sjoerd

From: Sjoerd Hardeman on 28 Mar 2010 17:00
Sjoerd Hardeman schreef:
>> Absolutely not. I wonder how this configuration came in place,
>> considering I
>> installed the server recently from scratch and edited
>> configuration-files very
>> carefully and tried to understand every single thing I changed
>> anywhere. I
>> installed samba, though, and edited its configurationfile smb.conf.
>> I'll have to
>> look into this issue and find out where this is configured (in
>> /etc/pam.d/ I
>> guess) and change it. Thanks for the hint.
> Samba shouldn't do that. Strange indeed, but good to hear it's solved now.
>>
This following mail I got from Christian (why didn't you send it to the
list?)
His suggestion is (if I understand correctly) that some other package
somehow pulled a reference to /etc/pam.d/samba in the
/etc/pam.d/common-password. It might be possible, but also those other
packages shouldn't touch your common-password, except some configuration
scripts that you explicitly authorize. Anyway, it might be a good idea
to look in that situation. If you have backups, you might be able to
find the last alteration date of your common-password (before the change
you did to fix it, of course). The apt log might then tell you which
packages were updated that day, so you can try to find out what went
wrong. It is a whole lot of trouble though, so you can also hope
somebody else runs into this, but does remember how it came into being.

Sjoerd

From: Florian Pressler on 23 Apr 2010 05:10
Sjoerd Hardeman <sjoerd <at> lorentz.leidenuniv.nl> writes:

> Samba shouldn't do that. Strange indeed, but good to hear it's solved now.

I got a mail from Grant, who found this thread by searching the web. He had the
same problem, and thinks he found the reason for the issue.

As for his request, I forward his mail to this list.

regards,
Florian

Hi. I saw your email on the Debian list. I just had the *exact* same issue --
log messages and all -- on two clean installs from freshly downloaded netinst
iso files. I'm not on the debian list myself, but thought I might ask you to
pass along what I found to fix the issue, and the root cause -- since it
obviously hasn't been addressed in the "Squeeze" testing nightlies yet. Am I the
only one in the world installing shell-only debian boxes in 2010? :)

Thanks in advance for the assistance in passing this along.

Cheers,
-Grant

Issue ----

Log messages:

> > Mar 22 13:24:48 fp passwd[2001]: pam_winbind(passwd:chauthtok): valid_user:
> > wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND


Cause:

winbind. The winbind dpkg is configured when you select yes for DHCP integration
with WINS servers during install. That dpkg-config adds the pam_winbind module
to /etc/pam.d/common-password. On clean install, this can even cause passwd not
to be able to set the root pass.. locking you out of your finished debian
install on first boot. Booting in single user to change the password doesn't
help, passwd fails on execution and writes this line on stderr.

passwd: System Error

Solution: Boot single user. Comment out the line in /etc/pam.d/common-password
which loads pam_winbind.so. Run passwd again to set your root password, or to
set the password of any user. Reboot, shell logins and the passwd command will
work again.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/loom.20100423T110228-792(a)post.gmane.org
From: Florian Pressler on 23 Apr 2010 05:20
Florian Pressler <airflow.2010 <at> gmail.com> writes:

> Solution: Boot single user. Comment out the line in /etc/pam.d/common-password
> which loads pam_winbind.so. Run passwd again to set your root password, or to
> set the password of any user. Reboot, shell logins and the passwd command will
> work again.

Just another addition to this topic: A good way of solving the issue is using
the tool pam-auth-update. Just call pam-auth-update and deselect winbind as
root. This is how I did it.

Regards,
Florian


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/loom.20100423T111146-566(a)post.gmane.org
First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: Iceweasel (from backports) keeps busy cursor at startup
Next: Transferring files over SSH in the console