Hi I'm using a Perl script to call PAM to authenticate using Winbind to contact a Windows ADS. This is on a Debian Sarge box. The machine has been added to the domain (using kerberos and net ads join command). Winbindd is configured successfully and I get this when I try and run wbinfo -a wbinfo -a abhay_pradhan%****** plaintext password authentication succeeded challenge/response password authentication succeeded However, when I use the Perl script (Authen::SimplePam package and calling the service foobar), the winbind log shows that the user is authenticated only using Plain-text. Why not challenge-response? ****************************************** package FOO::PAM; use Authen::SimplePam; use strict; sub is_good_pam { my ($user, $pass) = @_; my $service = "foobar"; my $authn = new Authen::SimplePam(); if ($authn->auth_user($user, $pass, $service) eq 1) { debug("success, returning 1"); return 1; } else { debug("failure, returning 0 with user=$user and pass=$pass"); return 0; } } 1; ****************************************** Here is the output from the winbind log. [2005/09/24 11:40:24, 5] nsswitch/winbindd_pam.c:winbindd_pam_auth(361) Plain-text authentication for user abhay_pradhan returned NT_STATUS_OK (PAM: 0) Is there something I'm doing wrong? Here is the relevant foobar service ***************************************** #%PAM-1.0 @include common-auth @include common-account auth sufficient /lib/security/pam_winbind.so debug account sufficient /lib/security/pam_winbind.so debug ****************************************** and here is the relevant smb.conf ****************************************** # Global parameters [global] unix charset = LOCALE workgroup = MYGROUP netbios name = foo server string = Samba Server realm = AD.MYCOMPANY.COM <http://AD.MYCOMPANY.COM> # security security = ADS encrypt passwords = Yes auth methods = winbind password server = 192.168.200.53 <http://192.168.200.53> # logging log level = 9 syslog = 0 log file = /var/log/samba/%m max log size = 50 # user info username map = /etc/samba/smbusers #idmap backend = idmap_rid:MYGROUP=16777216-33554431 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%D/%U template primary group = "Domain Users" # winbind winbind use default domain = Yes winbind separator = + winbind enum users = No winbind enum groups = No winbind cache time = 300 winbind enable local accounts = no winbind nested groups = Yes # server related allow trusted domains = No obey pam restrictions = no domain logons = No add user script = /usr/sbin/useradd -s /bin/false '%u' client signing = no client use spnego = No client schannel = no ****************************************** help! :) cheers Abhay