Thank you for the further details. Indeed, I was able to reproduce and confirm this locally. It is a limitation of winbind. In fact, I have found an upstream bug about this problem:
https://bugzilla.samba.org/show_bug.cgi?id=14622

The "good news" is that upstream is aware of this limitation. The bad news is that the person who was trying to implement the PAM account support on winbind has lost interest in doing so.

Anyway, I'm marking this bug as triaged and linking the upstream bug, but unfortunately we won't be able to do much here unless upstream takes the lead on this. Sorry about it.

** Bug watch added: Samba Bugzilla #14622
   https://bugzilla.samba.org/show_bug.cgi?id=14622

** Changed in: samba (Ubuntu)
       Status: Incomplete => Triaged

** Also affects: samba via
   https://bugzilla.samba.org/show_bug.cgi?id=14622
   Importance: Unknown
       Status: Unknown

** Changed in: samba (Ubuntu)
   Importance: Undecided => Medium

--
https://bugs.launchpad.net/bugs/1913851

Title:
  pam_winbind should reject disabled users

