pam_smbpass and LDAP....

Bartlomiej Solarz-Niesluchowski B.Solarz-Niesluchowski at wsisiz.edu.pl
Thu Jul 25 09:36:02 GMT 2002 

At 11:05 2002-07-25 -0500, Steve Langasek wrote:
>I've checked a pam_smbpass binary built from CVS HEAD, and it is
>correctly linked against libldap; libldap provides the ldap_value_free
>function.  If you're seeing different behavior, either -lldap is not
>being correctly added to the LIBS line when Samba builds, or your
>libldap is missing some symbols that pam_smbpass is expecting.

in Makefile:
LIBS=-lacl  -ldl -lnsl -lpam -lpopt
LDAPLIBS=-lresolv -lldap -llber

bin/pam_smbpass.so: $(PAM_SMBPASS_OBJ) bin/.dummy
         @echo Linking shared library $@
         $(SHLD) -shared -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam 
$(DYNEXP) $(LIBS) -lc \
                 -Wl,-soname=`basename $@`

I changed to:
bin/pam_smbpass.so: $(PAM_SMBPASS_OBJ) bin/.dummy
         @echo Linking shared library $@
         $(SHLD) -shared -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam 
$(DYNEXP) $(LIBS) $(LDAPLIBS) -lc \
                 -Wl,-soname=`basename $@`

and after that:
portraits:/usr/src/redhat/BUILD/samba-2.2.5/source# ldd bin/pam_smbpass.so
         libpam.so.0 => /lib/libpam.so.0 (0x40081000)
         libacl.so.1 => /lib/libacl.so.1 (0x4008a000)
         libdl.so.2 => /lib/libdl.so.2 (0x40091000)
         libnsl.so.1 => /lib/libnsl.so.1 (0x40094000)
         libpopt.so.0 => /usr/lib/libpopt.so.0 (0x400a8000)
         libresolv.so.2 => /lib/libresolv.so.2 (0x400af000)
         libldap.so.2 => /usr/lib/libldap.so.2 (0x400bf000)
         liblber.so.2 => /usr/lib/liblber.so.2 (0x400e9000)
         libc.so.6 => /lib/libc.so.6 (0x400f3000)
         libattr.so.1 => /lib/libattr.so.1 (0x4021a000)
         libsasl.so.7 => /usr/lib/libsasl.so.7 (0x4021d000)
         libssl.so.2 => /lib/libssl.so.2 (0x40228000)
         libcrypto.so.2 => /lib/libcrypto.so.2 (0x40255000)
         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
         libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4031c000)
         libcrypt.so.1 => /lib/libcrypt.so.1 (0x40322000)

Module load correctly (no messages in messages), but it does not work 
correctly:
portraits:~$ passwd
Changing password for user tester.
Enter login(LDAP) password:
Changing password for tester
Current SMB password:
passwd: Authentication token manipulation error

(when i try smbpasswd it works)

system-auth (RH 73)
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 
shadow
password    required    /lib/security/pam_ldap.so use_authtok
password   required    /lib/security/pam_smbpass.so smbconf=/etc/samba/smb.conf
password    required      /lib/security/pam_deny.so

(system-auth seems be ok because I use it on different machine and it works 
- but on different machine is no LDAP)....


--
Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: B.Solarz-Niesluchowski at wsisiz.edu.pl

More information about the samba-technical mailing list