3.0.23rc1 Problem with pam_winbind on Samba DC
John P Janosik
jpjanosi at us.ibm.com
Wed May 24 20:29:39 GMT 2006
It looks like pam_winbind configured on a machine that is a Samba DC cannot
work with 3.0.23.rc1. I upgraded a test 3.0.21b Samba DC with ldapsam
backend to 3.0.23rc1 and I see the following problem with authenticating
via PAM:
from log.wb-JPJLIN1:
[2006/05/24 15:16:11.386764, 10]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1248)
Failed to get password policies: NT_STATUS_NOT_IMPLEMENTED
[2006/05/24 15:16:11.386828, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1274)
Plain-text authentication for user jpjtest1 returned
NT_STATUS_NOT_IMPLEMENTED (PAM: 4)
[2006/05/24 15:16:11.386891, 10]
nsswitch/winbindd_cache.c:cache_store_response(1912)
Storing response for pid 27804, len 3192
from /var/log/messages:
May 24 15:16:11 jpjlin pam_winbind[27810]: request failed: Not implemented,
PAM error was System error (4), NT error was NT_STATUS_NOT_IMPLEMENTED
May 24 15:16:11 jpjlin pam_winbind[27810]: internal module error (retval =
4, user = `jpjtest1')
Looking in nsswitch/winbind_util.c it looks like the methods to get the
password policy are only implemented in the case that the role is
ROLE_DOMAIN_MEMBER. From a quick look at the new code in
pam_winbindd.c:winbind_auth_request it relies on being able to get the
password policy. Is there some way around this in the new pam_winbind?
John Janosik
IBM Information Technology Services Americas
jpjanosi at us.ibm.com
More information about the samba-technical
mailing list