FW: apache autheticates through pam/samba, but I get "User accoun t has expired message"

James Sinnamon sinnamon at usq.edu.au
Thu Apr 29 08:23:38 GMT 1999

Dear Samba Developers/Users

(I trust that the following does relate to this list.  If not, 
please accept my apologies)

I am running apache ver 1.3.4 with RedHat Linux ver 5.2, and I wish to have
users logged on to the local NT network be able to authenticate themselves
from the NT Domain Controllers.

To do this, I have done the following :

1. compiled mod_auth_pam into apache

2. Put the following directives into httpd.conf:

<Directory />
    AuthPAM_enabled on
    Options FollowSymLinks
    AllowOverride All

2. Put the following .htaccess file in .../htdocs/test from
which I wish to test the authentication :

   AuthName "Test Authentication"
   AuthType Basic
   require valid-user

3. compiled and installed /lib/security/pam_smb_auth.so 

4. Created the following /etc/pam.d/httpd file :

   auth   required  /lib/security/pam_smb_auth.so debug

I supply my username and password when prompted to do so by Netscape
Navigator.  The file /var/log/secure shows the following:

   Apr 29 17:44:11 turing httpd: pam_smb: Correct NT username/password pair

... this indicates that I have been authenticated by the NT PDC,
however I still get the 'authorization failed' message.  When I examined
the error_log file, I saw the following message:

    httpd: [Thu Apr 29 17:52:01 1999] [error] access to /test/ failed for \, reason: User account has expired

>From examining mod_auth_pam.c, I gather that a call to
pam_authenticate() has succeeded, but the subsequent call to
pam_acct_mgmt() has failed.

... does anyone out there know what is going on here? Is there
anything that I can do at the Linux end to fix this, or does something need
to be done with the NT Domain Controllers?

Thank you

James Sinnamon


More information about the samba-ntdom mailing list