PAM Authentication Failing

(OP)
I'm not really a Server Admin, but have been tasked to get this done.

Long story short, the development server we connect to is a CentOS 5.5 that authenticates users via a domain server that no longer exists.
The users don't really exist on the dev server. There's nothing for them in the passwd file or the shadow file.

I get the following errors in the secure log because it can no longer contact it:


Quote:


Jan 29 17:01:17 localhost sshd[3616]: Invalid user *username* from 192.168.0.206
Jan 29 17:01:27 localhost sshd[3617]: input_userauth_request: invalid user *username*
Jan 29 17:01:32 localhost sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 29 17:01:32 localhost sshd[3616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.206
Jan 29 17:01:32 localhost sshd[3616]: pam_succeed_if(sshd:auth): error retrieving information about user *username*
Jan 29 17:01:34 localhost sshd[3616]: Failed password for invalid user *username* from 192.168.0.206 port 40453 ssh2
Jan 29 17:01:56 localhost sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 29 17:01:56 localhost sshd[3616]: pam_succeed_if(sshd:auth): error retrieving information about user *username*
Jan 29 17:01:58 localhost sshd[3616]: Failed password for invalid user *username* from 192.168.0.206 port 40453 ssh2
Jan 29 17:02:00 localhost sshd[3617]: Connection closed by 192.168.0.206


I tried creating a local user using useradd.

Quote:


pam_winbind(sshd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'theuser')
Jan 31 09:15:15 localhost sshd[24586]: Failed password for theuser from 192.168.1.118 port 58009 ssh2
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): getting password (0x00000010)
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): pam_get_item returned a password
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHINFO_UNAVAIL (9), NTSTATUS: NT_STATUS_NO_LOGON_SERVERS, Error message was: No logon servers
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'theuser')
Jan 31 09:16:33 localhost sshd[24586]: Failed password for theuser from 192.168.1.118 port 58009 ssh2
Jan 31 09:25:56 localhost passwd: pam_unix(passwd:chauthtok): password changed for theuser
Jan 31 09:26:37 localhost sshd[24660]: pam_winbind(sshd:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Jan 31 09:26:37 localhost sshd[24660]: Failed password for theuser from 192.168.1.118 port 58066 ssh2
Jan 31 09:26:37 localhost sshd[24661]: fatal: Access denied for user theuser by PAM account configuration
Jan 31 09:40:04 localhost sshd[24739]: pam_winbind(sshd:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Jan 31 09:40:04 localhost sshd[24739]: Failed password for theuser from 192.168.1.118 port 58129 ssh2
Jan 31 09:40:04 localhost sshd[24740]: fatal: Access denied for user theuser by PAM account configuration


For this reason only the Root user can log in to the server. Everybody else gets an access denied.
As you can see, I attempted to change the password for the user I created locally to see if it would validate, but it keeps saying the password is wrong.

What I really want to do is recreate the users locally so they no longer have to be validated through the external authentication server.

Any way to do this? Am I making any sense?

I hope someone can help.

The real question is: is there a way to create local users that can authenticate

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

RE: PAM Authentication Failing

Depends on what was used to connect the machine to the Active Directory domain initially. The error messages suggest WinBind.

http://wiki.centos.org/TipsAndTricks/WinbindADS



Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: PAM Authentication Failing

(OP)
Thanks Chris,

From what I can find it is using Winbind. wbinfo -D servname gives me some details of the server being used.

----------------------------------
Phil AKA Vacunita
----------------------------------

RE: PAM Authentication Failing

(OP)
It also appears to be configured for Kerberos. krb.conf shows the same server info.

----------------------------------
Phil AKA Vacunita
----------------------------------

RE: PAM Authentication Failing

(OP)
I need to be able to remove the winbind authentication, and only use local authentication. Does anyone know how to accomplish this?

----------------------------------
Phil AKA Vacunita
----------------------------------

RE: PAM Authentication Failing

I don't have an AD system to test on but,

net ads leave

should be the command line for breaking the Active Directory 'join'.

Chris.


RE: PAM Authentication Failing

(OP)
Thanks for that, but when I try to use that command I get this error:

Failed to leave domain: failed to find DC for domain serverName.com

Any other ideas?

----------------------------------
Phil AKA Vacunita
----------------------------------

RE: PAM Authentication Failing

(OP)
Finally got it.

Had to use the authconfig-tui tool to set authentication back to the shadow file and remove the authentication through ldap and winbind. Then just had to add the users and give them bash access. Same user names, so kept access to the home folders and paths.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
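
Added example, not part of the thread: after switching authentication back to local files as described in the last post, a check like this confirms that no active line in the PAM stack or NSS configuration still points at winbind, LDAP or Kerberos. The function names and sample file contents are constructed for illustration; on a real CentOS host the files to pass are /etc/pam.d/system-auth and /etc/nsswitch.conf.

```shell
#!/bin/bash
# Added example: list active PAM/NSS lines that still depend on winbind,
# LDAP or Kerberos. Returns 1 if any are found, 0 if the files are clean.
remote_auth_refs() {
    awk '
        /^[ \t]*#/ { next }                              # skip commented-out lines
        /pam_(winbind|ldap|krb5)\.so/ {                  # PAM stack entries
            print FILENAME ":" FNR ": " $0; bad = 1; next
        }
        /^(passwd|shadow|group):/ && /winbind|ldap/ {    # NSS lookup sources
            print FILENAME ":" FNR ": " $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample files: a winbind-joined host and the same host cleaned up.
make_samples() {
    local d=$1
    cat > "$d/system-auth.before" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
EOF
    cat > "$d/nsswitch.before" <<'EOF'
passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
EOF
    cat > "$d/system-auth.after" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
# auth      sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
EOF
    printf 'passwd: files\nshadow: files\ngroup: files\n' > "$d/nsswitch.after"
}

# With file arguments, audit them directly, e.g.:
#   ./audit.sh /etc/pam.d/system-auth /etc/nsswitch.conf
if [ "$#" -gt 0 ]; then remote_auth_refs "$@"; fi
```

A leftover `pam_winbind.so` entry in the `account` stack is what produces the "Access denied for user theuser by PAM account configuration" lines in the log above even for a local user, so the account lines are worth checking as closely as the auth lines.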
