Hello all. Sorry for the re-post, I MUST remember to turn off HTML text
and GPG signing...
First off, I'm using Samba 3.0.22 and can't risk using Samba 3.0.23rc1
because I have no "valid" test environment for it.
My problem is this: I'm using pam_winbind to authenticate users against
ActiveDirectory, and whenever they enter a bad password, pam_winbind
will fail 3 times in a row, but the user is only asked to enter the
password once (the first time). This, of course, is resulting in a lot
of needlessly locked accounts. I tried substituting with pam_krb5, and
it worked fine, which means it's a logic problem with winbind. However,
there are other reasons I can't use pam_krb5.
I'm trying to figure out where the logic fault is within pam_winbind,
but it would help if whoever wrote it could shine a light my way. I'm
in the process of comparing the pam_winbind code from 3.0.22 with
3.0.23rc1 to see if I catch anything obvious. The toughest part is
"filtering out" all the new stuff.
If I come up with a patch to fix this, I'll submit it for review. This
is the last remaining step in getting my environment up and working.
Once it's verified to be OK, I'll be posting a small howto for what
I've done, as I'm sure others may be interested in doing similar things.
Thanks
Diego