W2K Domain Login Problem with 2.2.0

Andrew Bartlett abartlet at pcug.org.au
Sun Apr 22 15:36:07 GMT 2001


Steve Langasek wrote:
> 
> On Sun, 22 Apr 2001, Jeremy Allison wrote:
> 
> > On Sun, Apr 22, 2001 at 06:41:06PM +1000, Andrew Bartlett wrote:
> 
> > > There seems to be a bug in the interaction between Win2k domain logons
> > > and PAM account managment.  It is not present for my NT4 (no SP) VMware
> > > session.
> 
> > > I currently don't have access to a Win2k machine, so can't particuarly
> > > test any further.  I suspect that the username being passed to PAM is in
> > > some way slightly malformed, such that the account management fails.
> 
> > I have a w2k vmware session and can test that at home
> > tomorrow (it's very late here California time). Are
> > you meaning setting up Samba as a PDC configured as
> > --with-pam ? If so I'll test that tomorrow....
> 
> > I'm running on RedHat 6.2, without the pam_stack modile.
> > My current pam.d/samba file looks like :
> 
> > auth            required        /lib/security/pam_pwdb.so nullok shadow
> > account         required        /lib/security/pam_pwdb.so
> > session         required        /lib/security/pam_pwdb.so
> > password        required        /lib/security/pam_pwdb.so
> 
> > - is this enough to reproduce it, or do I need to use
> > the pam_stack stuff ?
> 
> That should be enough to let you debug and determine why we're getting a
> PAM_USER_UNKNOWN error, unless it's a problem specifically with Solaris's
> pam_unix module.  I wouldn't recommend the above configuration on a production
> system, though; pam_pwdb is abysmally slow.

There's also a report on linux (I think).  I think that Win2k is
slightly mangling the username.  Users of Win2k can still map drives, so
its only the code in srv_netlogon_nt.c that's in question.

-- 
Andrew Bartlett
abartlet at pcug.org.au




More information about the samba-technical mailing list