Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PAM Authentication Failing

Status
Not open for further replies.
vacunita

vacunita

Programmer
Aug 2, 2001
9,166
0
0
MX
I'm not really a Server Admin, but have been tasked to get this done.

Long story short, The Development server we connect to is a Centos 5.5 that authenticates users via a domain server that no longer exists.
The users don't really exist on the dev server. There's nothing for them in the passwd file or the shadow file.

I get the following errors in the secure log because it can no longer contact it:


Jan 29 17:01:17 localhost sshd[3616]: Invalid user *username* from 192.168.0.206
Jan 29 17:01:27 localhost sshd[3617]: input_userauth_request: invalid user *username*
Jan 29 17:01:32 localhost sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 29 17:01:32 localhost sshd[3616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.206
Jan 29 17:01:32 localhost sshd[3616]: pam_succeed_if(sshd:auth): error retrieving information about user *username*
Jan 29 17:01:34 localhost sshd[3616]: Failed password for invalid user *username* from 192.168.0.206 port 40453 ssh2
Jan 29 17:01:56 localhost sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 29 17:01:56 localhost sshd[3616]: pam_succeed_if(sshd:auth): error retrieving information about user *username*
Jan 29 17:01:58 localhost sshd[3616]: Failed password for invalid user *username* from 192.168.0.206 port 40453 ssh2
Jan 29 17:02:00 localhost sshd[3617]: Connection closed by 192.168.0.206
Click to expand...

I tried creating a local user using useradd.

pam_winbind(sshd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'theuser')
Jan 31 09:15:15 localhost sshd[24586]: Failed password for theuser from 192.168.1.118 port 58009 ssh2
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): getting password (0x00000010)
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): pam_get_item returned a password
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHINFO_UNAVAIL (9), NTSTATUS: NT_STATUS_NO_LOGON_SERVERS, Error message was: No logon servers
Jan 31 09:16:31 localhost sshd[24586]: pam_winbind(sshd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'theuser')
Jan 31 09:16:33 localhost sshd[24586]: Failed password for theuser from 192.168.1.118 port 58009 ssh2
Jan 31 09:25:56 localhost passwd: pam_unix(passwd:chauthtok): password changed for theuser
Jan 31 09:26:37 localhost sshd[24660]: pam_winbind(sshd:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Jan 31 09:26:37 localhost sshd[24660]: Failed password for theuser from 192.168.1.118 port 58066 ssh2
Jan 31 09:26:37 localhost sshd[24661]: fatal: Access denied for user theuser by PAM account configuration
Jan 31 09:40:04 localhost sshd[24739]: pam_winbind(sshd:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Jan 31 09:40:04 localhost sshd[24739]: Failed password for theuser from 192.168.1.118 port 58129 ssh2
Jan 31 09:40:04 localhost sshd[24740]: fatal: Access denied for user theuser by PAM account configuration
Click to expand...


For this reason only the Root user can log in to the server. Everybody else gets an access denied.
As You can see I attempted to change the password for the user I created locally to see if it would validate, but it keeps saying the password is wrong.

What I really want to do is recreate the users locally so they no longer have to be validated through the external authentication server.

Anyway to do this? Am I making any sense?

I hope someone can help.

The real question is is there a way to create local users that can authenticate

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Sort by date Sort by votes
Thnks Chris,

From what I can find it is using Winbind. wbinfo -D servname gives me some details of the server being used.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Upvote 0 Downvote
It also appears to be configures for Kerberos. krb.conf shows the same server info.


----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Upvote 0 Downvote
I need to be able to remove the winbind authentication, and only use local authentication. Does anyone know how to accomplish this?



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Upvote 0 Downvote
I don't have an AD system to test on but,

net ads leave

should be the command line for breaking the Active Directory 'join'.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Upvote 0 Downvote
Thanks foir that, but when I try to use that command I get this error:

Failed to leave domain: failed to find DC for domain serverName.com

Any other ideas?

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Upvote 0 Downvote
Finally got it.

Had to use the authconfig-tui tool to set authentication back to the shadow file and remvoe the authenitcation through ldap and winbind. Then just had to add the users and give them bash access. Same user names, so kept access ot the home folders and paths.





----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

garion42
  • Locked
  • Question
Apache LDAP authentication does not work for one user
Replies
2
Views
38
garion42
garion42
mirshafie
  • Locked
  • Question
Completely failing to use mod_rewrite
Replies
6
Views
26
youradds
youradds
MoreFeo
  • Locked
  • Question
CAS Authentication Wanted
Replies
1
Views
33
MoreFeo
MoreFeo
peterlyttle
  • Locked
  • Question
Apache 2 on Ubuntu 10.10 - AD Authentication
Replies
0
Views
25
peterlyttle
peterlyttle
vodkadrinker
  • Locked
  • Question
PAM system-auth config 2
Replies
3
Views
41
vodkadrinker
vodkadrinker

Part and Inventory Search

Sponsor

Back
Top