pam_smbpass
Brad Langhorst
brad at langhorst.com
Tue May 15 23:28:35 GMT 2001
> However, when you want ALL authentication modules to say 'YES' before
> things procede, you need to make them all 'required'. But if you
> 'require' pam_deny, then they will all fail. So you remove the
> pam_deny, knowing that the user is 'required' to pass both pam_smbpass
> and pam_unix in any case.
>
> Hope this clears it up,
very much so!
The multiple sufficient lines had me all screwed up - now i think i
understand that those only fail because we are changing the password.
thanks!
After your change and making a symlink to smbpasswd in /etc (from
/etc/samba/smbpasswd) things seem to be working
with one caveat...
when a user types passwd he is prompted for both
the old unix password AND the old samba password.
This is inconvenient so I've tried a couple of things to avoid it.
Putting "use_first_pass" on the smbpass causes the password
change to fail with
"password - (old) token not obtained"
if smbpass is aboce pam_unix
it fails saying "No password supplied" if it's below.
Is there a way to fix that final quirk?
thanks for your help!
brad
brad
More information about the samba-technical
mailing list