[Samba] ODD PAM ERROR

John H Terpstra jht at samba.org
Thu Nov 13 03:18:55 GMT 2003


On Wed, 12 Nov 2003, Brandon Lederer wrote:

> I have a "nobody" account.  However I didn't have that line in there, or
> rather it was commented out.  So, I uncommented it, restarted samba and
> winbind to no avail.  No luck with the magic crystal this time.  So that
> we have a clear distinct crystal, I will paste my smb.conf file.  My bad.
> Comments removed.

Ok. Much better info this time! :)

You are configured to be a domain member, therefore you do not need tdbsam.
Also, since you are not doing local authentication you should not specify
"obey pam restrictions". Both "password chat" and "passwd program" are
not relevant for a Domain Member.

So, comment out the lines above and it should work.

Cheers,
John T.


> [global]
>    workgroup = HMS
>    server string = %h server (Samba %v)
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = domain
>    encrypt passwords = true
>    passdb backend = tdbsam guest
>    obey pam restrictions = yes
>    guest account = nobody
>    invalid users = root
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    template shell = /bin/false
>    winbind separator = +
>
> [data]
>         path = /data
>         public = yes
>
>
> John H Terpstra wrote:
>
> >On Fri, 7 Nov 2003, Brandon Lederer wrote:
> >
> >
> >
> >>I have set up winbind, made the nsswitch settings, joined the current NT
> >>Domain, got back the message that said "Welcome to Domain".  When I try
> >>to access the PC, it brings up IPC$ and wants a password.  The log for
> >>that workstation says "PAM:  UNKNOWN PAM ERROR (9) during Account
> >>Management for User:  Domain+USERNAME!"  Then it says "PAM: Account
> >>Validation Failed - Rejecting User Domain+USERNAME!"
> >>
> >>Does anyone have any helpful ideas?
> >>
> >>
> >
> >Brandon,
> >
> >You are asking us to exercise our worn-out crystal balls by not providing
> >your smb.conf file, so here goes:
> >
> >My guess is that your UNIX system does NOT have an account called
> >"nobody". I guess also that given that your system does not have a nobody
> >account, you also do not have the following entry in your smb.conf file
> >[globals] section:
> >
> >	guest account = 'a_valid_unix_account'
> >
> >So let me know, did my crystal ball work this time. Dang, it's been so
> >unreliable lately! :)
> >
> >- John T.
> >
> >
>
>

-- 
John H Terpstra
Email: jht at samba.org
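
One way to check a configuration for the settings named in the reply above, as an added example that is not part of the original thread. The function names are hypothetical and the sample is constructed from the smb.conf posted in the thread; it reports the [global] parameters the reply says to comment out when security = domain.

```python
# Added example (not from the thread): flag smb.conf [global] settings that
# the reply says a domain member (security = domain) does not need.
# SAMPLE_CONF is constructed from the configuration posted in the thread.
SAMPLE_CONF = r"""
[global]
   workgroup = HMS
   security = domain
   passdb backend = tdbsam guest
   obey pam restrictions = yes
   guest account = nobody
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n .
[data]
   path = /data
"""

def parse_global(text):
    """Return {name: value} for [global]. smb.conf parameter names are case
    insensitive and ignore internal whitespace, so names are normalised."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' counts
            params["".join(name.split()).lower()] = value.strip()
    return params

def domain_member_findings(text):
    """List the parameters the reply says to comment out, if present."""
    g = parse_global(text)
    if g.get("security", "").lower() != "domain":
        return []
    found = []
    backends = g.get("passdbbackend", "").lower().split()
    if any(b.split(":")[0] == "tdbsam" for b in backends):
        found.append("passdb backend")
    if g.get("obeypamrestrictions", "no").lower() in ("yes", "true", "1"):
        found.append("obey pam restrictions")
    for key, label in (("passwdprogram", "passwd program"),
                       ("passwdchat", "passwd chat")):
        if key in g:
            found.append(label)
    return found

if __name__ == "__main__":
    for name in domain_member_findings(SAMPLE_CONF):
        print("not needed on a domain member:", name)
```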


