PAM can be fickle and sensitive to configuration glitches. Here we look at a few cases from the Samba mailing list.
24.3.1 pam_winbind Problem
A user reported : I have the following PAM configuration:
auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass nullok auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_winbind.so password required /lib/security/pam_stack.so service=system-auth
When I open a new console with [ctrl][alt][F1], I can't log in with my user " pitie ". I have tried with user " scienceu+pitie " also.
Answer: The problem may lie with your inclusion of pam_stack.so service=system-auth . That file often contains a lot of stuff that may duplicate what you are already doing. Try commenting out the pam_stack lines for auth and account and see if things work. If they do, look at /etc/pam.d/system-auth and copy only what you need from it into your /etc/pam.d/login file. Alternately, if you want all services to use Winbind, you can put the Winbind-specific stuff in /etc/pam.d/system-auth .
24.3.2 Winbind Is Not Resolving Users and Groups
" My smb.conf file is correctly configured. I have specified idmap uid = 12000, and idmap gid = 3000-3500 and winbind is running. When I do the following it all works fine ."
root# wbinfo -u MIDEARTH+maryo MIDEARTH+jackb MIDEARTH+ameds ... MIDEARTH+root root# wbinfo -g MIDEARTH+Domain Users MIDEARTH+Domain Admins MIDEARTH+Domain Guests ... MIDEARTH+Accounts root# getent passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash ... maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false
" But this command fails :"
root# chown maryo a_file chown: 'maryo': invalid user
" This is driving me nuts! What can be wrong? "
Answer: Your system is likely running nscd , the name service caching daemon. Shut it down, do not restart it! You will find your problem resolved.