W2K Domain Login Problem with 2.2.0
Andrew Bartlett
abartlet at pcug.org.au
Sun Apr 22 15:36:07 GMT 2001
Steve Langasek wrote:
>
> On Sun, 22 Apr 2001, Jeremy Allison wrote:
>
> > On Sun, Apr 22, 2001 at 06:41:06PM +1000, Andrew Bartlett wrote:
>
> > > There seems to be a bug in the interaction between Win2k domain logons
> > > and PAM account managment. It is not present for my NT4 (no SP) VMware
> > > session.
>
> > > I currently don't have access to a Win2k machine, so can't particuarly
> > > test any further. I suspect that the username being passed to PAM is in
> > > some way slightly malformed, such that the account management fails.
>
> > I have a w2k vmware session and can test that at home
> > tomorrow (it's very late here California time). Are
> > you meaning setting up Samba as a PDC configured as
> > --with-pam ? If so I'll test that tomorrow....
>
> > I'm running on RedHat 6.2, without the pam_stack modile.
> > My current pam.d/samba file looks like :
>
> > auth required /lib/security/pam_pwdb.so nullok shadow
> > account required /lib/security/pam_pwdb.so
> > session required /lib/security/pam_pwdb.so
> > password required /lib/security/pam_pwdb.so
>
> > - is this enough to reproduce it, or do I need to use
> > the pam_stack stuff ?
>
> That should be enough to let you debug and determine why we're getting a
> PAM_USER_UNKNOWN error, unless it's a problem specifically with Solaris's
> pam_unix module. I wouldn't recommend the above configuration on a production
> system, though; pam_pwdb is abysmally slow.
There's also a report on linux (I think). I think that Win2k is
slightly mangling the username. Users of Win2k can still map drives, so
its only the code in srv_netlogon_nt.c that's in question.
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba-technical
mailing list