[Samba] Fwd: RE: Welcome to the "samba" mailing list

[dimidivi]

Hello, 
 
I have a Solaris 10 machine (SunOS 5.10
Generic_118833-18 sun4u sparc)
installed with Samba Version 3.0.23a.
Samba has been compiled from source with PAM modules. 
The modules 'pam_smbpass.so' and 'pam_winbind.so'
reside at: /usr/local/samba/lib/security
smb.conf is located at /usr/local/samba/lib/

We are talking about /etc/pam.conf, not /etc/pam.d/
configuration with separate files. 
The modules for pam.conf are in /usr/lib/security/$ISA
(default).

This is what I want: 
Users have a unix shell and use a tool that exports
the output to an CSV file on the samba share. 
I'm forced to use password expiration. I would like
the users to change their password only once. 
Either by syncing the /etc/password or /etc/shadow
file with the smbpassword file, or by just validating
the samba login against the
/etc/password or /etc/shadow file. I don't really
care, as long as it works.

I've been searching documentation, mail list archives,
How-to's and man pages, I've tried with trial and
error. I raised the debug levels for
smbd and nmbd and checked the log files for hints,
including the system log files. 

I just cannot get it to work. The smbpasswd file
remains unchanged after a password change. Am I just
not understanding the concept here, or is
there a simple thing I've forgotten or overlooking??

Question: 
What is the service name for samba to be used in
pam.conf?? I assumed (and read her and there) it is
'samba'. But is it really?? 
PAM describes the service name should stated in the
man page of the service. This is not the case with
smnd or nmbd (at least, I can't find it). 

Below are some summaries from both pam.conf and
smb.conf. Just the things I think that are related.
But if someone need the whole thing, please let me
know.

Is there anyone who can help me?? I really need to
get it working one way or another. 

Many thanks for your effort. It's much appreciated!

Dimitry
---------------------------------------

/etc/pam.conf
 samba   auth       required     pam_unix_cred.so.1
 samba   auth       required     pam_unix_auth.so.1
 samba   account    required    
 pam_unix_account.so.1
 samba   password   required     pam_dhkeys.so.1
 samba   password   requisite    pam_authtok_get.so.1
 shadow md5
 use_authtok try_first_pass
 samba   password   requisite   
 pam_authtok_check.so.1
 samba   password   required    
 pam_authtok_store.so.1
 samba   password   requisite
 /usr/local/samba/lib/security/pam_smbpass.so nullok
 use_authtok
 try_first_pass debug
 smbconf=/usr/local/samba/lib/smb.conf
 samba   session    required    
 pam_unix_session.so.1
  
 
smb.conf
   security = user
   log file = /usr/local/samba/var/log.%m
   max log size = 500
;  local master = no
;  os level = 33
;  domain master = yes
;  preferred master = yes
;  domain logons = yes
;  wins support = yes
;  wins server = w.x.y.z
;  wins proxy = yes
   dns proxy = no
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g
machines -c Machine -d
/dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser
%u %g
;  delete group script = /usr/sbin/groupdel %g
;  passdb backend = tdbsam

   pam password change = Yes
   obey pam restrictions = Yes
   passwd program = /usr/bin/passwd .%u.
   passwd chat = *New*Password* %n\n \
*Re-enter*new*password* %n\n
*Password*changed*
   passwd chat debug = yes
   unix password sync = Yes
   encrypt passwords = yes

[search]
   comment = CDR Searches
   path = /data/searches
   public = no
   writable = no
   printable = no
---------------------------------------


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com