PAM should operate on the Unix username, not the NT username (which might not

have the domain\ qualification).

Andrew Bartlett

source/auth/auth.c

@@ -205,7 +205,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 {
 	/* if all the modules say 'not for me' this is reasonable */
 	NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
-	const char *pdb_username;
+	const char *unix_username;
 	auth_methods *auth_method;
 	TALLOC_CTX *mem_ctx;
 
@@ -277,19 +277,19 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 	}
 
 	if (NT_STATUS_IS_OK(nt_status)) {
-		pdb_username = pdb_get_username((*server_info)->sam_account);
+		unix_username = (*server_info)->unix_name;
 		if (!(*server_info)->guest) {
 			/* We might not be root if we are an RPC call */
 			become_root();
-			nt_status = smb_pam_accountcheck(pdb_username);
+			nt_status = smb_pam_accountcheck(unix_username);
 			unbecome_root();
 			
 			if (NT_STATUS_IS_OK(nt_status)) {
 				DEBUG(5, ("check_ntlm_password:  PAM Account for user [%s] succeeded\n", 
-					  pdb_username));
+					  unix_username));
 			} else {
 				DEBUG(3, ("check_ntlm_password:  PAM Account for user [%s] FAILED with error %s\n", 
-					  pdb_username, nt_errstr(nt_status)));
+					  unix_username, nt_errstr(nt_status)));
 			} 
 		}
 		
@@ -299,7 +299,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 			       (*server_info)->guest ? "guest " : "", 
 			       user_info->smb_name.str, 
 			       user_info->internal_username.str, 
-			       pdb_username));
+			       unix_username));
 		}
 	}