[Samba] Re: samba-3.0.22 -> samba-3.0.23 pam_winbind issue(s)

Dietrich Streifert dietrich.streifert at visionet.de
Thu Jul 13 09:58:13 GMT 2006

I found a bug in nsswitch/pam_winbind.c which I reported to


I submitted shortly a patch which solves the issue.

In _pam_parse (pam_winbind.c) there are two for statements which consume the
parameters argc and argv. The first loop decrements argc and increments argv
while trying to find out if a config file argument is given to pam_winbind.

The second for statement, which does the usual loop through argv, assumes that
argc and argv are at initial state so, in best case the loop is never entered
and parameters like use_first_pass are not recognized.

The patch can be found here:


Please report if this
> Gerald (Jerry) Carter wrote:
> />/ Hash: SHA1
> />/ 
> />/ Rex Dieter wrote:
> />/ 
> />>/ After upgrading to 3.0.23
> />>/ * I needed to add idmap options (I used idmap 
> />>/ backend = rid), else winbind would only start in "netlogon
> />>/ proxy mode", and basically, didn't work.  ):
> />/ 
> />/ What do you mean by wouldn't work?  Wouldn't return
> />/ users?  That is to be expected.
> /
> Nothing worked.  In particular, authentication no longer functioned as 
> it did before the upgrade.
> Like I said, no biggie.  EASYFIX.  Since, as you said, it probably 
> shouldn't have worked in that configuration before.
> >>/ * login/authentication attempts now (most often) 
> />>/ ask for a password *twice*.  ??????
> />/ 
> />/ Known issue.  We're workign on it.
> />/ https://bugzilla.samba.org/show_bug.cgi?id=3916
> /
> Thanks.

Mit freundlichen Grüßen
Dietrich Streifert
Visionet GmbH

More information about the samba mailing list