W2K Domain Login Problem with 2.2.0

Andrew Bartlett abartlet at pcug.org.au
Sun Apr 22 08:57:13 GMT 2001


Jeremy Allison wrote:
> 
> On Sun, Apr 22, 2001 at 06:41:06PM +1000, Andrew Bartlett wrote:
> 
> > There seems to be a bug in the interaction between Win2k domain logons
> > and PAM account management.  It is not present for my NT4 (no SP) VMware
> > session.
> >
> > I currently don't have access to a Win2k machine, so can't particularly
> > test any further.  I suspect that the username being passed to PAM is in
> > some way slightly malformed, such that the account management fails.
> 
> I have a w2k vmware session and can test that at home
> tomorrow (it's very late here California time). Are
> you meaning setting up Samba as a PDC configured as
> --with-pam ? If so I'll test that tomorrow....

Yes.

> I'm running on RedHat 6.2, without the pam_stack module.
> My current pam.d/samba file looks like :
> 
> auth            required        /lib/security/pam_pwdb.so nullok shadow
> account         required        /lib/security/pam_pwdb.so
> session         required        /lib/security/pam_pwdb.so
> password        required        /lib/security/pam_pwdb.so
> 
> - is this enough to reproduce it, or do I need to use
> the pam_stack stuff ?
> 

That should be fine.  All pam_stack should do is change the service from
samba to system-auth.

It's designed to make the admin's life easier by giving them one config
file, not 15.  It will be very useful for winbind, as there will be one
file you can modify to supplant pam_pwdb with pam_winbind.  

(BTW, I would like to look into winbind, I currently only know the
superficial details, whereabouts is it?  It's not obvious in CVS.)

Andrew Bartlett
abartlet at pcug.org.au
