Problem with winbind: PAM

George Lenzer George.Lenzer at cpl.org
Wed Dec 4 16:19:01 GMT 2002

OK.  Forget what I just sent.  Somehow, I managed to add a character to
my domain while I was looking at the smb.conf file in emacs.  Once I
changed that, getent now works for me.  My problem was a symlink.  Somehow
I misread the instructions and created /lib/libnss_winbind.2 instead of

So now onto my new problem... this is most definitely PAM related.  When
I try to log into a console session using one of the domain accounts, it
looks like it does get authorized, but 'login' doesn't allow me in. 
Here is my 'login' file from /etc/pam.d:

auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
session    optional     /lib/security/pam_mkhomedir.so

And my system-auth:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        sufficient    /lib/security/pam_winbind.so
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shado
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

I've modified both files based on info that I've found on the net in
various locations.  I think something must be wrong because I now get
prompted for passwords twice when I try to log on to an X session or su
to root either in X or at the console.  Someone on one of the sites I
was looking at made a suggestion to add 'pam_unix' to a few spots to fix
this.  I didn't have the problem UNTIL I added the additional lines. 
And I'm not 100% sure if the pam_unix lib is really the culprit for the
double password.
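
As an added example that is not part of the original post: a static check over the auth lines of the two files quoted above, listing password-collecting modules that could ask for the password a second time. It assumes pam_unix and pam_winbind prompt on their own unless given use_first_pass or try_first_pass; the function names are hypothetical.

```python
# Added example: static check of a PAM auth stack for repeated password prompts.
# Assumption: these modules prompt unless given use_first_pass/try_first_pass.
PROMPTING = {"pam_unix.so", "pam_winbind.so"}
REUSE = {"use_first_pass", "try_first_pass"}

# Auth lines copied from the two files in the post (whitespace collapsed).
FILES = {
    "login": """\
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
""",
    "system-auth": """\
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
""",
}

def auth_stack(service, files=FILES):
    """Return (source file, control, module, args) per entry, expanding pam_stack."""
    out = []
    for line in files[service].splitlines():
        _type, control, path, *args = line.split()
        module = path.rsplit("/", 1)[-1]
        if module == "pam_stack.so":
            sub = next(a.split("=", 1)[1] for a in args if a.startswith("service="))
            out.extend(auth_stack(sub, files))
        else:
            out.append((service, control, module, args))
    return out

def extra_prompts(service, files=FILES):
    """Password modules after the first that lack use_first_pass/try_first_pass."""
    seen, flagged = False, []
    for source, _control, module, args in auth_stack(service, files):
        if module not in PROMPTING:
            continue
        if seen and not REUSE & set(args):
            flagged.append((source, module))
        seen = True
    return flagged

if __name__ == "__main__":
    for svc in FILES:
        print(svc, extra_prompts(svc))
```

A flagged module only asks again if the stack actually reaches it, which depends on the control flags and on which earlier modules succeed.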


