From owner-freebsd-stable Wed Jan 27 10:40:41 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA22047 for freebsd-stable-outgoing; Wed, 27 Jan 1999 10:40:41 -0800 (PST) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from mortar.carlson.com (mortar.carlson.com [208.240.12.98]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA22041 for ; Wed, 27 Jan 1999 10:40:40 -0800 (PST) (envelope-from veldy@visi.com) Received: from mortar.carlson.com (root@localhost) by mortar.carlson.com with ESMTP id MAA15969 for ; Wed, 27 Jan 1999 12:40:12 -0600 (CST) Received: from w142844 ([172.25.99.35]) by mortar.carlson.com with SMTP id MAA15965 for ; Wed, 27 Jan 1999 12:40:03 -0600 (CST) Message-ID: <010f01be4a24$90336d00$236319ac@w142844.carlson.com> From: "Thomas T. Veldhouse" To: "FreeBSD-Stable" Subject: Samba and PAM - Solution Date: Wed, 27 Jan 1999 12:40:41 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I am forwarding this to the list, as I just recieved the information and there has been a lot said about it. The solution is specific to RedHat, but it should (hopefully) work with FreeBSD. It is mentioned below as if it will work for FreeBSD. I have not tried it yet. Tom Veldhouse veldy@visi.com ---- Date: Wed, 27 Jan 1999 10:28:09 -0700 (MST) From: Dax Kelson To: samba@samba.org Subject: Samba 2.0 RedHat/PAM password troubles found and solved! Message-ID: I tried upgrading from samba 1.9 to 2.0 on two seperate RedHat servers, and after both upgrades nobody could get authenticated. The windows boxes had the registry hacks to turn off encrypted passwords, and I'm authenticating out of passwd+shadow. I found many similiar posts on DejaNews and in the samba mailing list archives. I broke out strace and found the problem. Samba 2.0 tries to open: /etc/pam.d/samba and failing (since it doesn't exist on any box I've ever seen) opens /etc/pam.d/other The contents of which are: #%PAM-1.0 auth required /lib/security/pam_deny.so account required /lib/security/pam_deny.so password required /lib/security/pam_deny.so session required /lib/security/pam_deny.so The authentication fails. So I created the file /etc/pam.d/samba with this content: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow account required /lib/security/pam_pwdb.so password required /lib/security/pam_pwdb.so shadow use_authtok session required /lib/security/pam_pwdb.so Now Samba 2.0 works and everyone can authenticate! You probably want to add this to your FAQ, like I said I've seen dozens of posts regarding this issue (some on FreeBSD w/PAM). Dax Kelson Internet Connect, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message