Nolan Garrett
2006-Aug-22 19:29 UTC
[Samba] Pam [default=bad success=ok user_unknown=ignore], Winbind
Winbind has been working great for domain logons (have to restart it every few weeks, but other than that, works great!), but today I noticed I couldn't log in as a local user. For instance, if my local user was test, and I tried to log in, I'd get this in /var/log/messages: Aug 22 12:14:00 mgprisvr pam_winbind[8346]: request failed, but PAM error 0! Aug 22 12:14:00 mgprisvr pam_winbind[8346]: internal module error (retval = 3, user = `test') There were no errors in the winbind.log file. In my /etc/pam.d/system-auth, I found this line: account [default=bad success=ok user_unknown=ignore] pam_winbind.so I Googled that line (and parts of it) but had no luck figuring out what it was doing. I changed it to: account sufficient pam_winbind.so and now I can log in with local accounts, as well as domain (winbind) accounts. I have two questions: A) Is this some kind of bug with winbind, or did some other tool mis-configure my system-auth file with this line? B) What does the [default=bad success=ok user_unknown=ignore] line do, and does it matter that I removed it? Thanks! Nolan Garrett -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.samba.org/archive/samba/attachments/20060822/182c6303/signature.bin
Rex Dieter
2006-Aug-22 19:37 UTC
[Samba] Re: Pam [default=bad success=ok user_unknown=ignore], Winbind
Nolan Garrett wrote:> Winbind has been working great for domain logons (have to restart it > every few weeks, but other than that, works great!), but today I noticed > I couldn't log in as a local user. For instance, if my local user was > test, and I tried to log in, I'd get this in /var/log/messages: > > Aug 22 12:14:00 mgprisvr pam_winbind[8346]: request failed, but PAM error > 0! Aug 22 12:14:00 mgprisvr pam_winbind[8346]: internal module error > (retval = 3, user = `test')What version of samba? (I *think* samba-3.0.23 had this problem, but it was fixed in 3.0.23a) -- Rex
Possibly Parallel Threads
- W2K3 Domain - Can't Connect to Share?
- string_to_sid: Sid S-0-0 is not in a valid format.
- Winbind Troubles... string_to_sid: Sid S-0-0 is not in a valid format.
- What's wrong with my smb.conf? Access Denied with 3.0.23c
- SAMBA PDC User Permissions, Admin Settings, and Logon?