[Samba] PAM session trouble
Andrew Bartlett
abartlet at samba.org
Mon Aug 5 03:22:03 GMT 2002
David Wright wrote:
>
> I am using PAM and pam_smbpass.so with Samba 2.999 (Debian sid package).
>
> If, in /etc/pam.d/samba, I set
> session required pam_smbpass.so
> then login fails, and the log says:
> [2002/08/04 15:43:26, 0] auth/pampass.c:smb_pam_error_handler(73)
> smb_pam_error_handler: PAM: session setup failed : Module is unknown
> [2002/08/04 15:43:26, 1] smbd/session.c:session_claim(103)
> pam_session rejected the session for ichbin [smb/1]
> [2002/08/04 15:43:26, 1] smbd/password.c:register_vuid(285)
> Failed to claim session for vuid=101
>
> If I set
> session required pam_permit.so
> then there is no problem, although auth, account, and password are still
> set to use pam_smbpass.so.
Well, there isn't any point. In Samba '2.999' aka HEAD snapshot Samba
will never call PAM for authenticaion when 'encrypt passwords = yes',
and while it will use pam for 'account' controls, it won't gain you
anything - its the same checks that are already done.
And if you have an smbpasswd file, ten I'll assume you are using
encrypted passwords :-)
(Well, there is a point if you are using SWAT, but other than that,
there isn't any point)
> Does this mean pam_smbpass doesn't implement session? If so, what should
> I use instead? If not, what is going on here?
Indeed, pam_smbpass does not implement 'session' as there is no logical
action that is should perform. pam_unix is probably a good choice.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list