W2K Domain Login Problem with 2.2.0
Andrew Bartlett
abartlet at pcug.org.au
Thu Apr 19 07:38:31 GMT 2001
Gerald Carter wrote:
>
> Well actually that was my gut feeling. Just hadn't had time to
> verify it.
>
> John T. or Andrew B.,
>
> Has either or you looked at the PAM code and Domain logons?
> Can you comment here?
>
> jerry
That will be one of the little changes I fired off just before 2.2.0
came out.
If PAM is working correctly (ie /etc/pam.d/samba is present and sensibly
configured) then it should work fine. If there is ANY pam error, it
gets sent back as 'NT_STATUS_ACCOUNT_DISABLED'.
John T did a lot of work putting in VERY good debug messages for PAM.
What is in the log files?
I'd like to get to the bottom of this...
Andrew Bartlett
abartlet at pcug.org.au
>
> On Wed, 18 Apr 2001 22:06:47 Chen Shiyuan wrote:
> >
> > I think I have found the solution to the problem even though I don't
> > know what/why it caused such a problem.
> >
> > Someone posted on the Samba mailing list that Samba-2.2.0 makes sure
> > that PAM is used when it is compiled in but earlier versions didn't .
> >
> > So I recompiled 2.2.0 WITHOUT PAM support and voila, the account is no
> >
> > longer "disabled" when logging in via W2K.
> >
> > HTH & Thanks!
> >
> > On Wed, 18 Apr 2001 22:29:34 +0800 (SGT), Chen Shiyuan
> > <csy at hjc.edu.sg>
> > wrote :
> >
> > > Hello!
> > >
> > > Just to add on to my previous email, samba-2.2.0-alpha3 and
> > > samba-2.2.0
> > > are compiled using :-
> > >
> > > ./configure --prefix=/usr --libdir=/etc
> > > --with-lockdir=/var/lock/samba --
> > > with-swatdir=/usr/share/swat --localstatedir=/var/log/samba
> > > --with-
> > > smbmount --with-pam
> > >
> > > And I am running RedHat 6.2 with kernel 2.2.19 .
> > >
> > > Thanks!
> > >
> > > On Wed, 18 Apr 2001 08:32:13 -0500, Gerald Carter
> > > <gcarter at valinux.com>
> > > wrote :
> > >
> > > > On Wed, 18 Apr 2001 03:49:25 Chen Shiyuan wrote:
> > > > >
> > > > > However, after upgrading to samba-2.2.0, when W2K users
> > > > > tried to login using their username/password, W2K pops
> > > > > up a small dialog box in the middle of the screen that
> > > > > says - Your account has been disabled, please
> > > > > contact your System Administrator.
> > > >
> > > > Send me a level 10 debug log offline of the Win2k domain
> > > > logon attempt.
> > > >
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba-technical
mailing list