SV: Problems compiling --with-PAM on HP-UX 11.00 64.
onime at ictp.trieste.it
Wed Jul 26 08:02:52 GMT 2000
Okay, that means the authentication goes fine but no tokens are created!
Yes, you just cut out the bit of code and save it in a file say AFS-patch
in the samba top-level directory and then you run the command
patch < AFS-patch
(You may need to supply options to patch maybe -p0 or -p1)
This should make the necessary adjustments to the file passdb/pass_check.c
Then, you just run make again and then make install.
On Wed, 26 Jul 2000, Nilsson Christian wrote:
> I've tried to add services samba to /etc/pam.conf and now i got permission
> denied when i try to mount.
> About this patch code can I only add it to the end of passdb/pass_check.c
> and then make?
> -----Ursprungligt meddelande-----
> Från: Onime Clement [mailto:onime at ictp.trieste.it]
> Skickat: den 26 juli 2000 09:49
> Till: samba-technical at samba.org
> Ämne: Re: Problems compiling --with-PAM on HP-UX 11.00 64.
> With PAM support enabled, I expect you need to add entries (for samba) to
> the HP system PAM configuration.
> This is /etc/pam.conf and the suggested entries for AFS/samba are:
> samba auth optional /usr/lib/security/libpam_unix.1
> samba auth sufficient /usr/lib/security/pam_afs.so use_first_pass
> samba auth required /usr/lib/security/libpam_unix.1
> samba account required /usr/lib/security/libpam_unix.1
> Note: That the third authentication entry (with required) is necessary to
> prevent login if the user fails both the AFS login and the system's login.
> Finally you may need to add the following bit of patch code to the file
> --- passdb/pass_check.c.orig Wed May 31 00:28:44 2000
> +++ passdb/pass_check.c Wed Jun 7 14:33:44 2000
> @@ -129,4 +129,13 @@
> pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
> + /* Now set the session credentials...
> + */
> +#ifdef PAM_ESTABLISH_CRED
> + pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
> + pam_error = pam_setcred(pamh, PAM_CRED_ESTABLISH);
> + PAM_BAIL;
> pam_end(pamh, PAM_SUCCESS);
> /* If this point is reached, the user has been authenticated. */
> Basically, the above ensures that smbd will be able to set the AFS
> token after authentication.
> The above worked/works for me on a Solaris 2.7 system with Samba 2.0.7!
> Clement Onime
More information about the samba-technical