W2K Domain Login Problem with 2.2.0

PeRcY YuEn percy at py.dhs.org
Sun Apr 22 06:02:15 GMT 2001

Steve and Andrew,

  My /etc/pam.conf has entries:
samba	auth required	/usr/lib/security/pam_unix.so.1
samba	account required	/usr/lib/security/pam_unix.so.1

  My log at debuglevel=4 shows:
[2001/04/22 13:03:26, 4] passdb/pampass.c:proc_pam_start(160)
  PAM: Init user: percy
[2001/04/22 13:03:26, 4] passdb/pampass.c:proc_pam_start(173)
  PAM: setting rhost to: pc06.domain
[2001/04/22 13:03:26, 4] passdb/pampass.c:proc_pam_start(181)
  PAM: setting tty
[2001/04/22 13:03:26, 4] passdb/pampass.c:proc_pam_start(188)
  PAM: Init passed for user: percy
[2001/04/22 13:03:26, 4] passdb/pampass.c:pam_account(246)
  PAM: Account Management for User: percy
[2001/04/22 13:03:26, 0] passdb/pampass.c:pam_account(262)
  PAM: User "percy" is NOT known to account management
[2001/04/22 13:03:26, 2] passdb/pampass.c:pam_error_handler(66)
  PAM: Account Check Failed : No account present for user
[2001/04/22 13:03:26, 4] passdb/pampass.c:proc_pam_end(144)
[2001/04/22 13:03:26, 0] passdb/pampass.c:pam_accountcheck(381)
  PAM: Account Validation Failed - Rejecting User!

  User "percy" is a valid account on the machine running samba. Logon to
W2K workstations worked fine When samba was configured NOT to use PAM. I
have tested getpwnam() on the samba machine using the following short

#include <pwd.h>
struct passwd *p = getpwnam("percy");
if (p) printf("%d\n",p->pw_uid);

  and I think getpwnam() works fine as well. Maybe have I screwed up with
the pam.conf lines? Any idea?


On Sat, 21 Apr 2001, Steve Langasek wrote:

> On Sun, 22 Apr 2001, Andrew Bartlett wrote:
> > Samba now checks with pam's account management facility as to the
> > validity of usernames, even if it is using encrypted passwords.  This
> > was added just before release.
> Yes, which is why it's important to see what the pam config says.  Surely,
> 'PAM_USER_UNKNOWN' is a strange error to suddenly have appear when everything
> worked well before; Samba is notoriously unforgiving of usernames which don't
> map to something that can be resolved with getpwnam().  Either the improved
> PAM support in Samba 2.2.0 has uncovered a bug in the Solaris defaults, or
> vice-versa.
> Steve Langasek
> postmodern programmer

More information about the samba-technical mailing list