Hi,

We've set up a test network which consists of a Win2k AD box and an OES 1
SP2 server.
The OES box has been added to the AD domain and at the login box it
displays AD accounts. We can also query the AD through the use of a
console command wbinfo -u / -g.

But when logging on as an AD user the following errors are generated:

- PAM_NAM: user xxxxx unknown to the authentication module
- PAM_NAM: Pam_SM_Acct_Mgmt: Pam_SM_Acct_Mgmt called without prior authentication for user.

The server messages display:
Dec 18 20:30:34 kujo kdm: :0[12423]: PAM_NAM: User TOPTEST+iron man unknown to the authentication module
Dec 18 20:30:34 kujo pam_winbind[12423]: user 'TOPTEST+iron man' granted access
Dec 18 20:30:34 kujo kdm: :0[12423]: PAM_NAM: pam_sm_acct_mgmt: pam_sm_acct_mgmt called without prior authentication for user [TOPTEST+iron man]
Dec 18 20:30:34 kujo pam_winbind[12423]: user 'TOPTEST+iron man' granted access
Dec 18 20:30:34 kujo kdm: :0[12423]: Cannot execute startup script "/etc/X11/xdm/Xstartup"
Dec 18 20:30:36 kujo kernel: mtrr: type mismatch for d0000000,1000000 old: write-back new: write-combining
Dec 18 20:30:44 kujo /usr/sbin/namcd[9367]: findUserWithoutUIDAndGID: Return code from the search: [32]

The login PAM file looks like:
#%PAM-1.0
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix2.so nullok use_first_pass
auth required pam_deny.so
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
#session sufficient pam_unix2.so none # debug or trace
session sufficient pam_limits.so

And the xdm PAM file:
#%PAM-1.0
auth sufficient pam_winbind.so
auth sufficient pam_unix2.so use_first_pass nullok #set_secrpc
account sufficient pam_winbind.so
account required pam_unix2.so
password required pam_unix2.so #strict=false
session required pam_unix2.so debug # trace or none
session required pam_devperm.so
session required pam_resmgr.so

The idea is to allow users who have authenticated to AD, to access the NSS
SAMBA enabled shares.

Any suggestions would be appreciated.

Thanks.

Mike Thompson.
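
Added example (not part of the original post, and not code from Novell or Samba): a simplified model of the standard PAM control flags, run over the auth lines of the login file quoted above to show which modules are consulted on each path. The function names and the three login scenarios are assumptions made for illustration.

```python
# Added example: simplified model of Linux-PAM control flags. Only
# required/requisite/sufficient are modelled; optional is ignored and
# bracketed [value=action] controls are out of scope.

# auth lines copied from the login PAM file quoted in the post
LOGIN_PAM = """\
#%PAM-1.0
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix2.so nullok use_first_pass
auth required pam_deny.so
auth required pam_nologin.so
"""
ALWAYS_FAIL = {"pam_deny.so"}  # pam_deny.so denies unconditionally


def parse_stack(text, mgmt_type):
    """Return [(control, module), ...] for one management type."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2]))
    return stack


def run_stack(stack, failing=()):
    """Walk the stack; return (granted, modules_called)."""
    called, required_failed, any_success = [], False, False
    for control, module in stack:
        called.append(module)
        ok = module not in failing and module not in ALWAYS_FAIL
        if control == "requisite" and not ok:
            return False, called          # fail immediately
        if control == "sufficient":
            if ok and not required_failed:
                return True, called       # stop here, later modules are skipped
            continue                      # a failed sufficient is ignored
        if control in ("required", "requisite"):
            required_failed |= not ok     # remembered, stack keeps running
            any_success |= ok
    return any_success and not required_failed, called


AUTH = parse_stack(LOGIN_PAM, "auth")
# Constructed scenarios: which modules reject each kind of login attempt.
ad_user = run_stack(AUTH)                                  # winbind accepts
local_user = run_stack(AUTH, failing={"pam_winbind.so"})   # unix2 accepts
bad_login = run_stack(AUTH, failing={"pam_winbind.so", "pam_unix2.so"})
```

In this model both successful paths return before pam_nologin.so is consulted; it is reached only after pam_deny.so has already failed the stack.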