Thank you for the further details. Indeed, I was able to reproduce and confirm this locally. It is a limitation of winbind. In fact, I have found an upstream bug about this problem:
https://bugzilla.samba.org/show_bug.cgi?id=14622 The "good news" is that upstream is aware of such limitation. The bad news is that the person who was trying to implement the PAM account support on winbind has lost interest in doing so. Anyway, I'm marking this bug as triaged and linking the upstream bug, but unfortunately we won't be able to do much here unless upstream takes the lead on this. Sorry about it. ** Bug watch added: Samba Bugzilla #14622 https://bugzilla.samba.org/show_bug.cgi?id=14622 ** Changed in: samba (Ubuntu) Status: Incomplete => Triaged ** Also affects: samba via https://bugzilla.samba.org/show_bug.cgi?id=14622 Importance: Unknown Status: Unknown ** Changed in: samba (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1913851 Title: pam_winbind should reject disabled users To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1913851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs