W2K Domain Login Problem with 2.2.0
PeRcY YuEn
percy at py.dhs.org
Mon Apr 23 20:20:01 GMT 2001
Steve,
On Mon, 23 Apr 2001, Steve Langasek wrote:
> The logfile snippets Percy provided clearly show that the username being
> rejected by PAM is the correct username (unless you're proposing that Win2k
> has mangled the name in such a way that there are trailing invisible garbage
> chars in the username string, which don't show up in the logfile and don't
> prevent Samba from authenticating it, but which do prevent PAM from resolving
> the username?
>
> Percy,
> If you change the line
>
> samba account required /usr/lib/security/pam_unix.so.1
>
> in your /etc/pam.conf to read
>
> samba account required /usr/lib/security/pam_permit.so.1
>
Believe me, the PAM implementation in Solaris is rather old. I've looked
through the files in /lib/security/pam*.so and only found 3 usable and
they are pam_unix, pam_dial_auth and pam_rhosts_auth. Sigh...
Regards,
Percy
> instead, does this give better results? Theoretically, this change should
> restore Samba's previous behavior as of 2.0.7. (Assuming that you have
> /usr/lib/security/pam_permit.so.1 on your system; I admit that I'm rather
> ignorant of what modules Solaris includes.)
>
> Regards,
> Steve Langasek
> postmodern programmer
>
More information about the samba-technical
mailing list