solution: account expired

Steve Langasek vorlon at
Mon May 7 22:27:25 GMT 2001

Hi Florian,

On Tue, 8 May 2001, Florian Petri wrote:

> Some of you maybe get "account disabled ... " when they try to login at NT4 or
> W2K workstations and don't know where this comes from, because they can access the samba server eg. with the same accounts without any problem.
> (log.smbd show some unknown errors ...)

> The PAM service at my linux box was wrong configured. I used in
> /etc/pam.d/samba but it seems to me that I have to install (parameters: md5 shadow) to login at my nt4 box.

> Problably this could be documented somewhere, I spend a couple of hours on
> this and some others posted the same problems, I hope this helps you ...

This is a combination of a bug in Samba 2.2.0, and a bug in some versions of
pam_unix.  I believe the most current version of pam_unix should work ok -- if
not, I'd appreciate knowing about it.  Samba 2.2.1 (which should be out any
day now, right? :) will solve the problem for previous versions of pam_unix.

For backwards-compatibility with Samba 2.0, which did not do PAM account
authorization checks, use pam_permit instead of pam_unix.

I don't personally have access to document this anywhere official, I'm afraid

Steve Langasek
postmodern programmer

More information about the samba-ntdom mailing list