Samba 2.0 RedHat/PAM password troubles found and solved!

Dax Kelson dkelson at inconnect.com
Thu Jan 28 02:34:42 GMT 1999


On Wed, 27 Jan 1999, Dr J Pelan wrote:

> 
> On Thu, 28 Jan 1999, Dax Kelson wrote:
>  
> > I tried upgrading from samba 1.9 to 2.0 on two seperate RedHat
> > servers, and after both upgrades nobody could get authenticated.  The
> > windows boxes had the registry hacks to turn off encrypted passwords,
> > and I'm authenticating out of passwd+shadow.
> 
> > Samba 2.0 tries to open:
> > 
> > /etc/pam.d/samba and failing (since it doesn't exist on any box I've
> > ever seen)
> 
> Well done locating your problem. However for sake of completeness I'll
> point out that it is on all RedHat (5.[1|2]) boxes that I've seen
> by virtue of the fact that the Samba RPM has been installed, e.g.;
> 
> % rpm -q -f /etc/pam.d/samba
> samba-1.9.18p10-3
> 
> % cat /etc/pam.d/samba 
> auth    required        /lib/security/pam_pwdb.so nullok shadow
> account required        /lib/security/pam_pwdb.so
> 
> Clearly if building sans RPM you'll miss out on that vital file.
> Perhaps this is an answer to the question posed in pass_check.c, namely
> 
>  /*
>   * Query: should we be using PAM_SILENT to shut PAM up?
>   */
> 
> John P.

Doesn't it follow that if I'm building from source and installing, I
wouldn't have the RPM installed???

What would the use be of having /usr/sbin/smbd as some old RPM version and
the new /usr/local/samba/bin/smbd?  Confusion I think.

It should be documented clearly I believe that if you are using PAM (and
most do) that you need to have /etc/pam.d/samba.

Based on digging through the archives and searching on DejaNews, many are
having trouble with this "documentation problem".

Dax Kelson
Internet Connect, Inc.



More information about the samba-technical mailing list