The Samba-Bugzilla – Bug 2210
Some NT_STATUS_* errors don't have mapped PAM errors
Last modified: 2016-08-01 10:13:37 UTC
Error messages like NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION
does not have mapped PAM errors. So, when an application receives them, the PAM
error will be "4", which is PAM_SYS_ERROR.
So, the end user will not know what went wrong even though pam_winbind returns
errors like "account disabled", "password restriction" etc.
These errors should be mapped to known PAM errors, so that applications can
interpret them in a better way and convey the same to end user.
Created attachment 877 [details]
Patch to map some NT_STATUS_* errors to PAM errors
The patch attached above was discussed in samba-technical mailing list @
moving back to 3.0
This looks like it has been fixed in the meantime. It should be fixed in all current versions.