:Re: [Samba] Unknown PAM failiure in WIN2003/ Active Directory + samba

Philippe Dhont (Sea-ro) philippe.dhont at searo.be
Mon Oct 17 13:53:40 GMT 2005

Huh.... mean! :)

In smb.conf, i removed obey pam restrictions and now it works...
What does "obey pam restrictions" do ?


Hash: SHA1

Philippe Dhont (Sea-ro) escreveu:
> Hello,
> I have an existing windows 2003 network and now try to add a new linux

> server with samba/kerberos support for unified logon authentication. 
> Normally, everything is installed & this is the configuration:

> - Debian with kernel

	Are you sure about this kernel version? :-)

> In my /etc/pam.d/samba file i have:
> @include common-auth
> @include common-account
> @include common-session
> auth    required        /lib/security/pam_winbind.so
> account required        /lib/security/pam_winbind.so

	I'm not sure, but I believe you should put auth options
together, same for account, AFAIK, pam check the options line by line,
after the auth area ends, there is no chance to "another auth area", you
should put auth parameters all together, like this:

@include common-auth
auth 	required	/lib/security/pam_winbind.so
@include common-account
account required	/lib/security/pam_winbind.so

> In my loggings i get after trying:

> In the new added logfile from the windows pc i tried to connect:

> [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573)
>   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account 
> Management for User: TEST\phil
> [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781)
>   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting 
> User TEST\phil!


	Yep, looks like pam stack problem. :-)

> On the windowsXP pc, i am logged in as phil and when i connect and i 
> get a logon, i tried TEST\Administrator I don't find alot of good 
> information about this error, but i hope that someone can help me out.

	Hope it helps, cheers,

More information about the samba mailing list