vsftpd + LDAP/Active Directory /almost/ working

I’ve been lurking on here a lot lately, but I haven’t posted in a while. Love this place.

Here’s what’s going on:
I’m working in a Windows Server 2008 domain that uses Active Directory for authentication all across the network. Setting this all up on my two 11.3 servers was a BREEZE through YaST2. Took less time to set up both servers than to set up one XP workstation!

So everything is working great with AD/LDAP integration (SSH, .htaccess, etc.), except vsftpd.

I didn’t really do anything with the configuration except when troubleshooting this issue, so it’s stock except for nopriv_user, which I tried changing from ftpsecure to ftp as well as disabling it. I also tried anonymous_enable=YES and NO.

The error I get despite these changes is always:

Connected to server.domain.local
220 (vsFTPd 2.2.2)
User (server.domain.local:(none)): mross
331 Please specify the password.
Password:
500 OOPS: cannot locate user entry:mross
500 OOPS: priv_sock_get_cmd
Connection closed by remote host.

The strange thing is that /var/log/messages shows this:

Sep 17 11:34:42 DEVServer vsftpd[1]: pam_winbind(vsftpd:auth): getting password (0x00000190)
Sep 17 11:34:42 server vsftpd[1]: pam_winbind(vsftpd:auth): pam_get_item returned a password
Sep 17 11:34:42 server vsftpd[1]: pam_winbind(vsftpd:auth): user 'mross' granted access
Sep 17 11:34:42 server vsftpd[1]: pam_winbind(vsftpd:account): user 'mross' granted access
Sep 17 11:34:42 server vsftpd[1]: [mross] OK LOGIN: Client "::ffff:192.168.1.164"

Any ideas? Googling around for “500 OOPS: cannot locate user entry” came up with a TON of posts, but none seemed to do the trick, and they all seemed to focus on nopriv_user/anonymous_enable.

My assumption is that I’ve got something wrong in /etc/pam.d/vsftpd or /etc/vsftpd.conf or that vsftpd wants a local user or something.

This is a headless, root-only box, by the way.

Thanks!
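The log above shows two different stages succeeding and failing: pam_winbind says the user is authenticated, then vsftpd cannot find the account. In vsftpd the "500 OOPS: cannot locate user entry" message is raised when getpwnam() fails for the user that PAM has just accepted, so the thing to rule out first is whether the name resolves through NSS at all, which is a separate wiring (the passwd line in /etc/nsswitch.conf) from PAM. The script below is an added example, not part of the original post or of vsftpd: it runs that check as three independent tests (PAM service file references pam_winbind, nsswitch passwd database lists winbind, the user resolves with getent) against constructed copies of the two config files. The temp directory, the sample file contents and the user names are assumptions; on a live box you would pass /etc/nsswitch.conf and /etc/pam.d/vsftpd, and if the domain is configured without "winbind use default domain" you would run the getent check with the DOMAIN\user form as well as the bare name.

```sh
#!/bin/sh
# Added diagnostic (not from the original post). vsftpd reports
# "500 OOPS: cannot locate user entry" when getpwnam() fails for a user that
# PAM has already let through, so the question to settle is whether the name
# resolves through NSS, not whether PAM accepts the password.

# 0 if the account resolves through NSS (what getpwnam() sees), 1 otherwise.
nss_has_user() {
    getent passwd "$1" >/dev/null 2>&1
}

# 0 if the passwd database in the given nsswitch.conf lists winbind, 1 otherwise.
# The path is a parameter so a constructed copy can be checked; on a live box
# pass /etc/nsswitch.conf.
nsswitch_passwd_has_winbind() {
    grep -Eq '^[[:space:]]*passwd:.*[[:space:]]winbind([[:space:]]|$)' "$1"
}

# 0 if the PAM service file references pam_winbind (ignoring comments), 1 otherwise.
pam_service_uses_winbind() {
    grep -Eq '^[^#]*pam_winbind' "$1"
}

# Prints one verdict line per check for the given user and config paths.
# Returns 0 only when all three checks pass.
ftp_login_diagnosis() {
    user=$1; nss_conf=$2; pam_conf=$3
    status=0
    if pam_service_uses_winbind "$pam_conf"; then
        echo "pam: $pam_conf uses pam_winbind (matches the 'granted access' log lines)"
    else
        echo "pam: $pam_conf does not use pam_winbind"; status=1
    fi
    if nsswitch_passwd_has_winbind "$nss_conf"; then
        echo "nss: passwd database in $nss_conf includes winbind"
    else
        echo "nss: passwd database in $nss_conf does not include winbind; getpwnam() cannot see domain users"; status=1
    fi
    if nss_has_user "$user"; then
        echo "nss: '$user' resolves via getent passwd"
    else
        echo "nss: '$user' does not resolve; vsftpd reports this as 'cannot locate user entry'"; status=1
    fi
    return $status
}

# Constructed sample files (assumed contents, not taken from the post) standing
# in for a box where PAM talks to winbind but NSS does not: PAM says granted,
# vsftpd says cannot locate user entry.
tmp=${TMPDIR:-/tmp}/vsftpd-diag.$$
mkdir -p "$tmp"
cat >"$tmp/nsswitch.conf" <<'EOF'
passwd: compat
group:  compat
EOF
cat >"$tmp/vsftpd.pam" <<'EOF'
auth     required pam_winbind.so
account  required pam_winbind.so
EOF
# The passwd/group lines one would expect once winbind is added to NSS.
cat >"$tmp/nsswitch-fixed.conf" <<'EOF'
passwd: compat winbind
group:  compat winbind
EOF

# Run against the broken sample; exit status is non-zero because the NSS checks fail.
ftp_login_diagnosis mross "$tmp/nsswitch.conf" "$tmp/vsftpd.pam" || true
```

Run it as-is to see the three verdict lines for the constructed files, then point the same functions at the real /etc/nsswitch.conf and /etc/pam.d/vsftpd and at the account that fails; a user who logs in over SSH but not over FTP should resolve with getent, and if the bare name does not while the DOMAIN\user form does, the name vsftpd is handing to getpwnam() is the part to look at.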