W2K Domain Login Problem with 2.2.0

Andrew Bartlett abartlet at pcug.org.au
Sun Apr 22 00:58:05 GMT 2001


Steve Langasek wrote:
> 
> Percy,
> 
> On Sun, 22 Apr 2001, PeRcY YuEn wrote:
> 
> > Andrew,
> 
> >   I've got a similar problem with Solaris 2.6. The debug message shows the
> > PAM cause a PAM_USER_UNKNOWN at passdb/pampass.c:262. I have not modified
> > the orignal PAM configuration that comes with solaris and the Samba220
> > alpha 3 seems working fine with it. I guess there may be some problems
> > with the recent modifications to the PAM code.
> 
> Could you share with us the relevant lines from your /etc/pam.conf?
> (everything beginning with 'samba')
> 
> Regards,
> Steve Langasek
> postmodern programmer
> 

Samba now checks with pam's account management facility as to the
validity of usernames, even if it is using encrypted passwords.  This
was added just before release.

Andrew Bartlett
abartlet at pcug.org.au

> > Andrew Bartlett wrote:
> >
> > > Gerald Carter wrote:
> > > >
> > > > Well actually that was my gut feeling.  Just hadn't had time to
> > > > verify it.
> > > >
> > > > John T. or Andrew B.,
> > > >
> > > > Has either or you looked at the PAM code and Domain logons?
> > > > Can you comment here?
> > > >
> > > > jerry
> > >
> > > That will be one of the little changes I fired off just before 2.2.0
> > > came out.
> > >
> > > If PAM is working correctly (ie /etc/pam.d/samba is present and sensibly
> > > configured) then it should work fine.  If there is ANY pam error, it
> > > gets sent back as 'NT_STATUS_ACCOUNT_DISABLED'.
> > >
> > > John T did a lot of work putting in VERY good debug messages for PAM.
> > > What is in the log files?
> > >
> > > I'd like to get to the bottom of this...
> > >
> > > Andrew Bartlett
> > > abartlet at pcug.org.au
> > >
> > >>
> > >> On Wed, 18 Apr 2001 22:06:47 Chen Shiyuan wrote:
> > >> >
> > >> > I think I have found the solution to the problem even though I don't
> > >> > know what/why it caused such a problem.
> > >> >
> > >> > Someone posted on the Samba mailing list that Samba-2.2.0 makes sure
> > >> > that PAM is used when it is compiled in but earlier versions didn't .
> > >> >
> > >> > So I recompiled 2.2.0 WITHOUT PAM support and voila, the account is no
> > >> >
> > >> > longer "disabled" when logging in via W2K.
> > >> >
> > >> > HTH & Thanks!
> > >> >
> > >> > On Wed, 18 Apr 2001 22:29:34 +0800 (SGT), Chen Shiyuan
> > >> > <csy at hjc.edu.sg>
> > >> > wrote :
> > >> >
> > >> > > Hello!
> > >> > >
> > >> > > Just to add on to my previous email, samba-2.2.0-alpha3 and
> > >> > > samba-2.2.0
> > >> > > are compiled using :-
> > >> > >
> > >> > > ./configure --prefix=/usr --libdir=/etc
> > >> > > --with-lockdir=/var/lock/samba --
> > > > > > with-swatdir=/usr/share/swat --localstatedir=/var/log/samba
> > > > > > --with-
> > > > > > smbmount --with-pam
> > > > > >
> > > > > > And I am running RedHat 6.2 with kernel 2.2.19 .
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > > On Wed, 18 Apr 2001 08:32:13 -0500, Gerald Carter
> > > > > > <gcarter at valinux.com>
> > > > > > wrote :
> > > > > >
> > > > > > > On Wed, 18 Apr 2001 03:49:25 Chen Shiyuan wrote:
> > > > > > > >
> > > > > > > > However, after upgrading to samba-2.2.0, when W2K users
> > > > > > > > tried to login using their username/password, W2K pops
> > > > > > > > up a small dialog box in the middle of the screen that
> > > > > > > > says - Your account has been disabled, please
> > > > > > > > contact your System Administrator.
> > > > > > >
> > > > > > > Send me a level 10 debug log offline of the Win2k domain
> > > > > > > logon attempt.
> > > > > > >
> > >
> > > --
> > > Andrew Bartlett
> > > abartlet at pcug.org.au
> >
> >
> >

-- 
Andrew Bartlett
abartlet at pcug.org.au




More information about the samba-technical mailing list