3.0.23rc1 Problem with pam_winbind on Samba DC

John P Janosik jpjanosi at us.ibm.com
Wed May 24 20:29:39 GMT 2006

It looks like pam_winbind configured on a machine that is a Samba DC cannot
work with 3.0.23.rc1.  I upgraded a test 3.0.21b Samba DC with ldapsam
backend to 3.0.23rc1 and I see the following problem with authenticating
via PAM:

from log.wb-JPJLIN1:
[2006/05/24 15:16:11.386764, 10]
  Failed to get password policies: NT_STATUS_NOT_IMPLEMENTED
[2006/05/24 15:16:11.386828, 2]
  Plain-text authentication for user jpjtest1 returned
[2006/05/24 15:16:11.386891, 10]
  Storing response for pid 27804, len 3192

from /var/log/messages:
May 24 15:16:11 jpjlin pam_winbind[27810]: request failed: Not implemented,
PAM error was System error (4), NT error was NT_STATUS_NOT_IMPLEMENTED
May 24 15:16:11 jpjlin pam_winbind[27810]: internal module error (retval =
4, user = `jpjtest1')

Looking in nsswitch/winbind_util.c it looks like the methods to get the
password policy are only implemented in the case that the role is
ROLE_DOMAIN_MEMBER.  From a quick look at the new code in
pam_winbindd.c:winbind_auth_request it relies on being able to get the
password policy.  Is there some way around this in the new pam_winbind?

John Janosik
IBM Information Technology Services Americas
jpjanosi at us.ibm.com

More information about the samba-technical mailing list