[Samba] Pam [default=bad success=ok user_unknown=ignore], Winbind
Nolan Garrett
nolan at massivegeek.com
Tue Aug 22 19:28:34 GMT 2006
Winbind has been working great for domain logons (have to restart it
every few weeks, but other than that, works great!), but today I noticed
I couldn't log in as a local user. For instance, if my local user was
test, and I tried to log in, I'd get this in /var/log/messages:
Aug 22 12:14:00 mgprisvr pam_winbind[8346]: request failed, but PAM error 0!
Aug 22 12:14:00 mgprisvr pam_winbind[8346]: internal module error
(retval = 3, user = `test')
There were no errors in the winbind.log file.
In my /etc/pam.d/system-auth, I found this line:
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
I Googled that line (and parts of it) but had no luck figuring out what
it was doing.
I changed it to:
account sufficient pam_winbind.so
and now I can log in with local accounts, as well as domain (winbind)
accounts.
I have two questions:
A) Is this some kind of bug with winbind, or did some other tool
mis-configure my system-auth file with this line?
B) What does the [default=bad success=ok user_unknown=ignore] line do,
and does it matter that I removed it?
Thanks!
Nolan Garrett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba/attachments/20060822/182c6303/signature.bin
More information about the samba
mailing list