smb_pam_accountcheck returns bad value?
Andrew Bartlett
abartlet at pcug.org.au
Fri May 4 03:01:51 GMT 2001
No, we use NT_STATUS constants to allow us to make NT show a meaningful
error message on failure. This is used in the domain logon code, which
calls smb_pam_accountcheck.
Furthermore the current code in SAMBA_2_2 has this is
password.c:password_ok()
if (ret)
return (smb_pam_accountcheck(user) ==
NT_STATUS_NOPROBLEMO);
So I fail to see the bug.
Ensure your local tree is up-to-date.
Andrew Bartlett
Simo Sorce wrote:
>
> shouldn't smb_pam_accountcheck return true on success?
> testing without pam support I've seen that smb_pam_accountcheck
> returns NT_STATUS_NOPROBLEMO (0x0) to password_ok instead of true (1)
> this will make password validation fail when it should not (password_ok return True on success)
>
> I've changed it to:
>
> uint32 smb_pam_accountcheck(char * user)
> {
> return True;
> }
>
> to be able to validate users.
>
> bye.
>
> --
> Simo Sorce
> ------------------------------
> Unix IS user friendly, it is just selective about who his friends are.
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba-technical
mailing list