[Samba] More pam_winbind trouble

Diego Rivera diego at rivera.net
Sat Jun 3 16:31:46 GMT 2006

Hello all.  Sorry for the re-post, I MUST remember to turn off HTML text 
and GPG signing...

First off, I'm using Samba 3.0.22 and can't risk to use Samba 3.0.23rc1 
because I have no "valid" test environment for it.

My problem is this:  I'm using pam_winbind to authenticate users against 
ActiveDirectory, and whenever they enter a bad password, pam_winbind 
will fail 3 times in a row, but the user is only asked to enter the 
password once (the first time).  This, of course, is resulting in a lot 
of needlessly locked accounts.  I tried substituting with pam_krb5, and 
it worked fine, which means it's a logic problem with winbind.  However, 
there's other reasons I can't use pam_krb5.

I'm trying to figure out where the logic fault is within pam_winbind, 
but it would help if whoever wrote it could shine a light my way.  I'm 
in the process of comparing the pam_winbind code from 3.0.22 with 
3.0.23rc1 to see if I catch anything obvious.  The toughest part is 
"filtering out" all the new stuff.

If I come up with a patch to fix this, I'll submit it for review.  This 
is the last remaining step in getting my environment up and working.  
Once it's verified to be OK, I'll be posting a small howto for what I've 
done, as I'm sure others may be interested in doing similar things.



More information about the samba mailing list