smb_pam_accountcheck returns bad value?

Andrew Bartlett abartlet at
Fri May 4 03:01:51 GMT 2001

No, we use NT_STATUS constants to allow us to make NT show a meaningful
error message on failure.  This is used in the domain logon code, which
calls smb_pam_accountcheck.

Furthermore the current code in SAMBA_2_2 has this is

                if (ret)
                  return (smb_pam_accountcheck(user) ==

So I fail to see the bug.

Ensure your local tree is up-to-date.

Andrew Bartlett

Simo Sorce wrote:
> shouldn't smb_pam_accountcheck return true on success?
> testing without pam support I've seen that smb_pam_accountcheck
> returns NT_STATUS_NOPROBLEMO (0x0) to password_ok instead of true (1)
> this will make password validation fail when it should not (password_ok return True on success)
> I've changed it to:
> uint32 smb_pam_accountcheck(char * user)
> {
>         return True;
> }
> to be able to validate users.
> bye.
> --
> Simo Sorce
> ------------------------------
>  Unix IS user friendly, it is just selective about who his friends are.

Andrew Bartlett
abartlet at

More information about the samba-technical mailing list