W2K Domain Login Problem with 2.2.0

Sat Apr 21 19:40:58 GMT 2001

Percy,

On Sun, 22 Apr 2001, PeRcY YuEn wrote:

> Andrew,

>   I've got a similar problem with Solaris 2.6. The debug message shows the
> PAM cause a PAM_USER_UNKNOWN at passdb/pampass.c:262. I have not modified
> the orignal PAM configuration that comes with solaris and the Samba220
> alpha 3 seems working fine with it. I guess there may be some problems
> with the recent modifications to the PAM code.

Could you share with us the relevant lines from your /etc/pam.conf?
(everything beginning with 'samba')

Regards,
Steve Langasek
postmodern programmer

> Andrew Bartlett wrote:
>
> > Gerald Carter wrote:
> > >
> > > Well actually that was my gut feeling.  Just hadn't had time to
> > > verify it.
> > >
> > > John T. or Andrew B.,
> > >
> > > Has either or you looked at the PAM code and Domain logons?
> > > Can you comment here?
> > >
> > > jerry
> >
> > That will be one of the little changes I fired off just before 2.2.0
> > came out.
> >
> > If PAM is working correctly (ie /etc/pam.d/samba is present and sensibly
> > configured) then it should work fine.  If there is ANY pam error, it
> > gets sent back as 'NT_STATUS_ACCOUNT_DISABLED'.
> >
> > John T did a lot of work putting in VERY good debug messages for PAM.
> > What is in the log files?
> >
> > I'd like to get to the bottom of this...
> >
> > Andrew Bartlett
> > abartlet at pcug.org.au
> >
> >>
> >> On Wed, 18 Apr 2001 22:06:47 Chen Shiyuan wrote:
> >> >
> >> > I think I have found the solution to the problem even though I don't
> >> > know what/why it caused such a problem.
> >> >
> >> > Someone posted on the Samba mailing list that Samba-2.2.0 makes sure
> >> > that PAM is used when it is compiled in but earlier versions didn't .
> >> >
> >> > So I recompiled 2.2.0 WITHOUT PAM support and voila, the account is no
> >> >
> >> > longer "disabled" when logging in via W2K.
> >> >
> >> > HTH & Thanks!
> >> >
> >> > On Wed, 18 Apr 2001 22:29:34 +0800 (SGT), Chen Shiyuan
> >> > <csy at hjc.edu.sg>
> >> > wrote :
> >> >
> >> > > Hello!
> >> > >
> >> > > Just to add on to my previous email, samba-2.2.0-alpha3 and
> >> > > samba-2.2.0
> >> > > are compiled using :-
> >> > >
> >> > > ./configure --prefix=/usr --libdir=/etc
> >> > > --with-lockdir=/var/lock/samba --
> > > > > with-swatdir=/usr/share/swat --localstatedir=/var/log/samba
> > > > > --with-
> > > > > smbmount --with-pam
> > > > >
> > > > > And I am running RedHat 6.2 with kernel 2.2.19 .
> > > > >
> > > > > Thanks!
> > > > >
> > > > > On Wed, 18 Apr 2001 08:32:13 -0500, Gerald Carter
> > > > > <gcarter at valinux.com>
> > > > > wrote :
> > > > >
> > > > > > On Wed, 18 Apr 2001 03:49:25 Chen Shiyuan wrote:
> > > > > > >
> > > > > > > However, after upgrading to samba-2.2.0, when W2K users
> > > > > > > tried to login using their username/password, W2K pops
> > > > > > > up a small dialog box in the middle of the screen that
> > > > > > > says - Your account has been disabled, please
> > > > > > > contact your System Administrator.
> > > > > >
> > > > > > Send me a level 10 debug log offline of the Win2k domain
> > > > > > logon attempt.
> > > > > >
> >
> > --
> > Andrew Bartlett
> > abartlet at pcug.org.au
>
>
>