PAM w/ OPIE
Robert Flemming
flemming at spiralout.net
Thu Jan 17 14:17:02 GMT 2002
It seems I may be the first to try, but has anyone had any experience in
setting up Samba as a PDC then using the OPIE modules for PAM to try and setup
an NT domain that requires one time passwords? Now that you've all answered
no, here's where I'm at. Samba is up and running as a PDC and functioning
using /etc/passwd and unencrypted passwords, that part I know is good. After
switching pam_opie.so to required from sufficient things fall apart and
authentication no longer works. However the catch is I know PAM is passing
things off to the opie module and that it is succeeding because /etc/opiekeys
shows the sequence number decreasing which would not happen had authentication
not succeeded. Turning on debugging for Samba shows a basic password type
failure:
[2002/01/17 21:49:34, 0] passdb/pampass.c:smb_pam_passcheck(828)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User flemming !
I'm not sure where to go with this since it is kind of obscure, but the
individual components are nothing too odd and putting them together should
just work. The silly part is it looks like it is working and the problem is
internal to Samba. Any thoughts or tips are appreciated.
Robert
More information about the samba
mailing list