PAM and SAMBA

[Charlie Brady]

On 15 Sep 1997, Johnie Stafford wrote:

> 
> I'm trying to use samba with a win95 box and Red Hat 4.2. I have the
> default pam config files for samba:
> 
> #%PAM-1.0
> auth       required	/lib/security/pam_pwdb.so shadow nullok
> account    required	/lib/security/pam_pwdb.so
> 
> 
> When ever win95 tries to authenticate I get the following in the logs:
> 
> Sep 15 17:37:17 olympus PAM_pwdb[4224]: 1 authentication failure; (uid=0) -> jms for samba service
> 
> Any idea what I'm doing wrong? I'm new to PAM and I'm lost.

This may not be a PAM issue at all.

Can you authenticate on the Linux box using smbclient? If so, then it
isn't likely to be a PAM issue per se.

New releases of win95 are shipped with "encrypted passwords" enabled by
default. If encrypted passwords are used, then samba keeps its own
authentication database and doesn't use /etc/passwd. You will need to grab
a des library and compile that into samba. Look in ENCRYPTION.txt which
comes with the samba source for details.

If you don't want to teach samba how to deal with encrypted passwords,
there is a registry entry which tells win95 not to use them. Either  look
up the samba web pages and mailing list archives, or look at the doco
which comes with the latest version of samba.

BTW, I'm pretty sure that samba authentication against encrypted passwords
doesn't use PAM at all. If someone developed a suitable module, it could
be, and that would let you do some other PAM stuff as well. I don't know
whether it would be worth the effort though. 

Charlie Brady - Telstra  |internet: cbrady at ind.tansu.com.au
Network Products         |Snail    : Locked Bag 6581, GPO Sydney 2001 Australia
Platform Technologies    |Physical : Lvl 2, 175 Liverpool St, Sydney 2000
 IN-Sub Unit - Sydney    | Phone: +61 2 9206 3470 Fax: +61 2 9281 1301