SV: Problems compiling --with-PAM on HP-UX 11.00 64.

Wed Jul 26 08:02:52 GMT 2000

Okay, that means the authentication goes fine but no tokens are created!
Yes, you just cut out the bit of code and save it in a file say AFS-patch

in the samba top-level directory and then you run the command

patch  < AFS-patch
(You may need to supply options to patch maybe -p0 or -p1)

This should make the necessary adjustments to the file passdb/pass_check.c

Then, you just run make again and then make install.

Thanks
Clement

On Wed, 26 Jul 2000, Nilsson Christian wrote:

> Hi!
> I've tried to add services samba to /etc/pam.conf and now i got permission
> denied when i try to mount.
> About this patch code can I only add it to the end of passdb/pass_check.c
> and then make?
> Regards
> Christian
> 
> -----Ursprungligt meddelande-----
> Från: Onime Clement [mailto:onime at ictp.trieste.it]
> Skickat: den 26 juli 2000 09:49
> Till: samba-technical at samba.org
> Ämne: Re: Problems compiling --with-PAM on HP-UX 11.00 64. 
> 
> 
> 
> With PAM support enabled, I expect you need to add entries (for samba) to
> the HP system PAM configuration.
> This is /etc/pam.conf and the suggested entries for AFS/samba are:
> 
> samba   auth optional   /usr/lib/security/libpam_unix.1 
> samba   auth sufficient         /usr/lib/security/pam_afs.so use_first_pass
> ignore_root
> samba   auth required           /usr/lib/security/libpam_unix.1
> use_first_pass
> samba   account required        /usr/lib/security/libpam_unix.1 
> 
> Note: That the third authentication entry (with required) is necessary to
> prevent login if the user fails both the AFS login and the system's login.
> 
> Finally you may need to add the following bit of patch code to the file
> passdb/pass_check.c
> 
> --- passdb/pass_check.c.orig    Wed May 31 00:28:44 2000
> +++ passdb/pass_check.c Wed Jun  7 14:33:44 2000
> @@ -129,4 +129,13 @@                 
>    pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
>    PAM_BAIL;                         
> +       /* Now set the session credentials...
> +       */                           
> +#ifdef PAM_ESTABLISH_CRED           
> +       pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
> +#else                               
> +       pam_error = pam_setcred(pamh, PAM_CRED_ESTABLISH);
> +#endif                              
> +       PAM_BAIL;                    
> +               
>    pam_end(pamh, PAM_SUCCESS);
>    /* If this point is reached, the user has been authenticated. */
> 
> 
> Basically, the above ensures that smbd will be able to set the AFS
> token after authentication.
> 
> The above worked/works for me on a Solaris 2.7 system with Samba 2.0.7!
> 
> Thanks
> Clement Onime
> 
> 