pam_winbind should reject disabled users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba |
Unknown
|
Unknown
|
|||
samba (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
pam_winbind should reject disabled users. Currently, disabled accounts are instead treated as disabled passwords, which means that they can still be logged into through other credentials.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libpam-winbind 2:4.7.6+
ProcVersionSign
Uname: Linux 4.15.0-135-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.21
Architecture: amd64
Date: Fri Jan 29 20:36:50 2021
InstallationDate: Installed on 2018-05-02 (1003 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
OtherFailedConnect: Yes
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SambaServerRegr
SmbConfIncluded: No
SourcePackage: samba
TestparmExitCode: 0
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in samba (Ubuntu): | |
status: | Expired → New |
Can you double-check that your pam configuration for pam_winbind is configured to use required or requisite rather than sufficient?
It's possible that the required or requisite defaults aren't sufficient but may still be possible to configure using the more complicated pam syntax. Search for 'valueN' in /usr/share/ doc/libpam- doc/txt/ Linux-PAM_ SAG.txt. gz for some details. I don't know off-hand if the pam_winbind module supports these finer-grained controls but it's possible it does.
Thanks