W2K Domain Login Problem with 2.2.0

PeRcY YuEn percy at py.dhs.org
Mon Apr 23 20:20:01 GMT 2001


On Mon, 23 Apr 2001, Steve Langasek wrote:
> The logfile snippets Percy provided clearly show that the username being
> rejected by PAM is the correct username (unless you're proposing that Win2k
> has mangled the name in such a way that there are trailing invisible garbage
> chars in the username string, which don't show up in the logfile and don't
> prevent Samba from authenticating it, but which do prevent PAM from resolving
> the username?
> Percy,
> If you change the line
> samba   account required        /usr/lib/security/pam_unix.so.1
> in your /etc/pam.conf to read
> samba   account required        /usr/lib/security/pam_permit.so.1

  Believe me, the PAM implementation in Solaris is rather old. I've looked
through the files in /lib/security/pam*.so and only found 3 usable and
they are pam_unix, pam_dial_auth and pam_rhosts_auth. Sigh...


> instead, does this give better results?  Theoretically, this change should
> restore Samba's previous behavior as of 2.0.7.  (Assuming that you have
> /usr/lib/security/pam_permit.so.1 on your system; I admit that I'm rather
> ignorant of what modules Solaris includes.)
> Regards,
> Steve Langasek
> postmodern programmer

More information about the samba-technical mailing list