pam_smbpass and LDAP....

Bartlomiej Solarz-Niesluchowski B.Solarz-Niesluchowski at
Thu Jul 25 09:36:02 GMT 2002

At 11:05 2002-07-25 -0500, Steve Langasek wrote:
>I've checked a pam_smbpass binary built from CVS HEAD, and it is
>correctly linked against libldap; libldap provides the ldap_value_free
>function.  If you're seeing different behavior, either -lldap is not
>being correctly added to the LIBS line when Samba builds, or your
>libldap is missing some symbols that pam_smbpass is expecting.

in Makefile:
LIBS=-lacl  -ldl -lnsl -lpam -lpopt
LDAPLIBS=-lresolv -lldap -llber

bin/ $(PAM_SMBPASS_OBJ) bin/.dummy
         @echo Linking shared library $@
         $(SHLD) -shared -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam 
$(DYNEXP) $(LIBS) -lc \
                 -Wl,-soname=`basename $@`

I changed to:
bin/ $(PAM_SMBPASS_OBJ) bin/.dummy
         @echo Linking shared library $@
         $(SHLD) -shared -o $@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam 
                 -Wl,-soname=`basename $@`

and after that:
portraits:/usr/src/redhat/BUILD/samba-2.2.5/source# ldd bin/ => /lib/ (0x40081000) => /lib/ (0x4008a000) => /lib/ (0x40091000) => /lib/ (0x40094000) => /usr/lib/ (0x400a8000) => /lib/ (0x400af000) => /usr/lib/ (0x400bf000) => /usr/lib/ (0x400e9000) => /lib/ (0x400f3000) => /lib/ (0x4021a000) => /usr/lib/ (0x4021d000) => /lib/ (0x40228000) => /lib/ (0x40255000)
         /lib/ => /lib/ (0x80000000) => /usr/lib/ (0x4031c000) => /lib/ (0x40322000)

Module load correctly (no messages in messages), but it does not work 
portraits:~$ passwd
Changing password for user tester.
Enter login(LDAP) password:
Changing password for tester
Current SMB password:
passwd: Authentication token manipulation error

(when i try smbpasswd it works)

system-auth (RH 73)
password    required      /lib/security/ retry=3 type=
password    sufficient    /lib/security/ nullok use_authtok md5 
password    required    /lib/security/ use_authtok
password   required    /lib/security/ smbconf=/etc/samba/smb.conf
password    required      /lib/security/

(system-auth seems be ok because I use it on different machine and it works 
- but on different machine is no LDAP)....

Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: B.Solarz-Niesluchowski at

More information about the samba-technical mailing list