[Samba] Samba Hylafax PAM
L.P.H. van Belle
belle at bazuin.nl
Tue Jan 26 10:56:58 UTC 2016
O, try the following.
Test this first.
ldd /usr/sbin/hfaxd
if you getting libpam.so.. something, then hylafax is compiled with pam support.
Next,
apt-get install libpam-ldap ( just to be sure, i do believe you have installed it already )
create the file :
/etc/pam.d/hylafax
Add :
auth required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so
and check the content of :
/etc/pam_ldap.conf
And this as example adjust as needed.
base dc=domain,dc=local
uri ldap://dc01.domain.local/ ldap://dc02.domain.local/
ldap_version 3
binddn auth_ldap_user at domain.local
bindpw password
rootbinddn auth_ldap_user at domain.local
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password crypt
^^ test with and without the pam_password crypt
And test with
pam_password bind
Greetz,
Louis
Van: Marcel Ebbrecht [mailto:m.ebbrecht at dortmundit.de]
Verzonden: maandag 25 januari 2016 19:54
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba Hylafax PAM
Hi Louis,
I gave it another shot - but without success.
System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8
I got a Samba4 AD DC and use winbind or pam_ldapd on many servers successfully. On the specific machine (asterisk with hylafax and iaxmodem - works like a charm) pam works - I can switch to a different user, login by ssh with ad users a.s.o. - everything works, except hylafax auth :(
I can also login with user created with hylafax itself. But when I put
auth required pam_access.so
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
password sufficient pam_ldap.so
in /etc/pam.d/hylafax, I get
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): failed to get password: Authentication token manipulation error
Same result with winbind and classic pam_ldap without nslcd :(
I dont want to spam you - what kind information do you want :)
Greetings :)
Marcel
Am 18.01.2016 um 11:48 schrieb L.P.H. van Belle:
> Hai,
>
> I dont have hylafax running atm, but can you check for the following.
>
> /etc/pam.d/common-account/password/session .. etc. and pam_ldap
>
> Look for any : minimum_uid=1000 if you see that, remove "minimum_uid=1000"
> And whats the UID for user : hylafax
>
> After the changes,
> stop nslcd.
> Restart samba
> Restart hylafax
>
> If needed reboot the server.
> And check again.
>
> This is the first and only i can think of, it would be handy if above does not work, you share some more info of your config.
>
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcel Ebbrecht
>> Verzonden: maandag 18 januari 2016 10:15
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Samba Hylafax PAM
>>
>>
Hi,
I posted this also on hylafax list - maybe here is someone with a hint.
System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8
After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
auth users anymore in Hylafax, everything else works. All on Debian
Jessie.
Strace:
11:30:44.510380 send(2, "<83>Jan 9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000066>
11:30:44.510592 send(2, "<83>Jan 9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000041>
11:30:44.510875 send(2, "<83>Jan 9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): failed to get password: Authentication token
manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>
To shorten my mail: Is there anyone out there who made it? I mean
authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
pam_winbind, ... everything (ssh local login, ...) works, except hylafax.
Any hints?
Greetings
Marcel
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
More information about the samba
mailing list