Date: Wed, 27 Jan 1999 12:40:41 -0600 From: "Thomas T. Veldhouse" <veldy@visi.com> To: "FreeBSD-Stable" <freebsd-stable@FreeBSD.ORG> Subject: Samba and PAM - Solution Message-ID: <010f01be4a24$90336d00$236319ac@w142844.carlson.com>
next in thread | raw e-mail | index | archive | help
I am forwarding this to the list, as I just recieved the information and there has been a lot said about it. The solution is specific to RedHat, but it should (hopefully) work with FreeBSD. It is mentioned below as if it will work for FreeBSD. I have not tried it yet. Tom Veldhouse veldy@visi.com ---- Date: Wed, 27 Jan 1999 10:28:09 -0700 (MST) From: Dax Kelson <dkelson@inconnect.com> To: samba@samba.org Subject: Samba 2.0 RedHat/PAM password troubles found and solved! Message-ID: <Pine.LNX.4.04.9901271027520.4596-100000@brookie.inconnect.com> I tried upgrading from samba 1.9 to 2.0 on two seperate RedHat servers, and after both upgrades nobody could get authenticated. The windows boxes had the registry hacks to turn off encrypted passwords, and I'm authenticating out of passwd+shadow. I found many similiar posts on DejaNews and in the samba mailing list archives. I broke out strace and found the problem. Samba 2.0 tries to open: /etc/pam.d/samba and failing (since it doesn't exist on any box I've ever seen) opens /etc/pam.d/other The contents of which are: #%PAM-1.0 auth required /lib/security/pam_deny.so account required /lib/security/pam_deny.so password required /lib/security/pam_deny.so session required /lib/security/pam_deny.so The authentication fails. So I created the file /etc/pam.d/samba with this content: #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow account required /lib/security/pam_pwdb.so password required /lib/security/pam_pwdb.so shadow use_authtok session required /lib/security/pam_pwdb.so Now Samba 2.0 works and everyone can authenticate! You probably want to add this to your FAQ, like I said I've seen dozens of posts regarding this issue (some on FreeBSD w/PAM). Dax Kelson Internet Connect, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010f01be4a24$90336d00$236319ac>