Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Jan 1999 12:40:41 -0600
From:      "Thomas T. Veldhouse" <veldy@visi.com>
To:        "FreeBSD-Stable" <freebsd-stable@FreeBSD.ORG>
Subject:   Samba and PAM - Solution
Message-ID:  <010f01be4a24$90336d00$236319ac@w142844.carlson.com>

next in thread | raw e-mail | index | archive | help
I am forwarding this to the list, as I just recieved the information and
there has been a lot said about it.  The solution is specific to RedHat, but
it should (hopefully) work with FreeBSD.  It is mentioned below as if it
will work for FreeBSD.  I have not tried it yet.

Tom Veldhouse
veldy@visi.com
----


Date: Wed, 27 Jan 1999 10:28:09 -0700 (MST)
From: Dax Kelson <dkelson@inconnect.com>
To: samba@samba.org
Subject: Samba 2.0 RedHat/PAM password troubles found and solved!
Message-ID: <Pine.LNX.4.04.9901271027520.4596-100000@brookie.inconnect.com>


I tried upgrading from samba 1.9 to 2.0 on two seperate RedHat servers,
and after both upgrades nobody could get authenticated.  The windows boxes
had the registry hacks to turn off encrypted passwords, and I'm
authenticating out of passwd+shadow.

I found many similiar posts on DejaNews and in the samba mailing list
archives.

I broke out strace and found the problem.

Samba 2.0 tries to open:

/etc/pam.d/samba  and failing (since it doesn't exist on any box I've
ever seen)

opens

/etc/pam.d/other

The contents of which are:

#%PAM-1.0
auth     required       /lib/security/pam_deny.so
account  required       /lib/security/pam_deny.so
password required       /lib/security/pam_deny.so
session  required       /lib/security/pam_deny.so

The authentication fails.

So I created the file /etc/pam.d/samba

with this content:

#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_pwdb.so shadow use_authtok
session    required     /lib/security/pam_pwdb.so

Now Samba 2.0 works and everyone can authenticate!

You probably want to add this to your FAQ, like I said I've seen dozens of
posts regarding this issue (some on FreeBSD w/PAM).

Dax Kelson
Internet Connect, Inc.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010f01be4a24$90336d00$236319ac>