Comes from pam_smb-1.1.7-2
Ah! I'd missed that one.
* What changes if you remove the pam_smb_auth line? Do you still have null access? Do you still have access using the password?
Commenting out the pam_smb_auth line fixes the immediate problem. No null access, and can log in with the root password. So perhaps somewhere in the Samba system? I'm a relative newbie here and don't quite know where to look next. The offending machine is an upgrade from RH9. The samba server is still an RH9 box, and is running Samba 2.2.8a.
There's a lot of scary sounding stuff in /usr/share/doc/pam_smb-1.1.7/README, particularly regarding the use of 'nolocal' to turn off local password file checks. I suspect that your samba server is somehow offering an unpassworded 'root' account.
I really appreciate the help.
No problem. When things slow down it's been good to keep my debugging skills fired up. :)
