Pam_mount,pam_winbind, ssh, PAM error

Dawson, Alan DawsonA at chesterfield.ac.uk
Mon Apr 3 12:35:02 UTC 2006 

Hi,
Using SSH-2.0-OpenSSH_4.2p1 Debian-7
Winbind 3.0.21c

 

I'm using pam_mount and pam_winbind to try to authenticate ssh users
against Microsoft Active Directory.  But I get an error in
authentication after pam_winbind succesfully authenticates.

ssh -ddd shows 

debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: PAM: sshpam_passwd_conv called with 1 messages
debug1: PAM: password authentication accepted for dawsona
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 11
debug3: mm_request_receive_expect entering: type 48
debug3: mm_request_receive entering
debug3: mm_auth_password: user authenticated
debug3: mm_do_pam_account entering
debug3: mm_request_send entering: type 48
debug3: mm_request_receive_expect entering: type 49
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 9 (Authentication service
cannot retrieve authentication info.)

My sshd_config has this


Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

and my pam.d/ssh has only this, at the moment

auth     required       pam_mount.so debug
auth     sufficient     pam_winbind.so         use_first_pass debug
auth     requisite      pam_unix.so            nullok use_first_pass
#set_secrpc

Can anybody point in the correct direction to fix this.

thanks.

-- 
Alan Dawson
ICT Services
Chesterfield College

More information about the Pam-list mailing list