Bug 235213
Summary: | pam_winbind failure | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vadym Chepkov <vchepkov> |
Component: | samba | Assignee: | Guenther Deschner <gdeschner> |
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | CC: | jplans, samba-bugs-list |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 3.0.24-4 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-05-11 15:23:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vadym Chepkov
2007-04-04 15:37:12 UTC
Simo, this we have fixed with 3.0.24-5.fc7 already. Thank you for the report, I have pushed to FC5 and FC6 the fixes we had in rawhide, please reopen the bug is the new package still gives you problems. I just got samba-client-3.0.24-4.fc6 samba-common-3.0.24-4.fc6 # grep winbind /etc/pam.d/system-auth auth sufficient pam_winbind.so unknown_ok account sufficient pam_winbind.so unknown_ok session sufficient pam_winbind.so unknown_ok As I said earlier, I found argument unknown_ok in the source code, it is not listed at the pam_winbind man page and listed argument silent in fact doesn't exist. The problem still exist, but it now looks different: Apr 11 07:34:45 pegasus pam_winbind[10673]: request failed: No such user, PAM error was User not known to the underlying authentication module (10), NT error was NT_STATUS_NO_SUCH_USER Apr 11 07:34:45 pegasus pam_winbind[10673]: request failed Right, the "silent" option can currently only be enabled when using a /etc/security/pam_winbind.conf config file (which we do not package yet). Let me rephrase this bug: you're trying to login with a local user (and you have pam_winbind) in the PAM stack, correct? And that local login fails, as pam_winbind does not return the correct error code (PAM_IGNORE), right? Yes, this is correct Ok, your PAM configration seems to be selfwritten (not generated by authconfig). Just make sure you have account sufficient pam_localuser.so before the account sufficient pam_winbind.so unknown_ok then your pam configuration should work. authconfig will have this fixed and work by default on Fedora 7. Closing this bug now. |