samba ldap pam password syncing woes
bryan hunt
bryan.hunt at ossidian.com
Thu Jan 2 20:20:00 GMT 2003
I am using an experimental configuration of samba with ldap.
LDAP is used for linux login and imap authentication.
Samba is used for domain login and file sharing.
I have got the following ldap|pam|samba stuff installed on the system
pam-0.75-25mdk
samba-client-2.2.6-1.1mdk
nss_ldap-202-1.1mdk
perl-Authen-PAM-0.13-3mdk
samba-common-ldap-2.2.6-1.1mdk
samba-server-ldap-2.2.6-1.1mdk
samba-winbind-ldap-2.2.6-1.1mdk
mod_auth_ldap-1.6.0-7mdk
openldap-2.0.25-7mdk
openldap-clients-2.0.25-7mdk
perl-ldap-0.26-2mdk
pam-devel-0.75-25mdk
libldap2-devel-static-2.0.25-7mdk
libldap2-2.0.25-7mdk
samba-swat-ldap-2.2.6-1.1mdk
openldap-servers-2.0.25-7mdk
openldap-back_ldap-2.0.25-7mdk
openldap-guide-2.0.25-7mdk
courier-imap-ldap-1.6.0-1mdk
libldap2-devel-2.0.25-7mdk
pam_ldap-148-3mdk
Everything is up and running with one exception
When I try to do a password change from a windows machine I
get the following error ( repeated about 8 times )
[2003/01/02 18:51:48, 0] lib/util_sec.c:assert_gid(114)
Failed to set gid privileges to (0,65534) now set to (0,-1) uid=(0,65534)
[2003/01/02 18:51:48, 0] lib/util.c:smb_panic(1094)
PANIC: failed to set gid
If I get rid of the password syncing option in the smb.conf
the password gets changed with no problems but with the
pam password change = yes
option set in the file the user password change fails.
I want to get the password syncing working because it would be
cool for my users to have a single password for mail/unix stuff etc.
Anyone encountered this before ? I've done a lot of googling and searched
the bugs database but nobody seems to have encountered this problem before.
I can change a user's unix ( ldap ) password straight from the command line
(using the passwd program) without any problems.
This is the /etc/pam.d/passwd configuration that I have
set up ....
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
# I commented this out in case samba couldn't handle it ...
#password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so try_first_pass
This is the /etc/pam.d/samba config ....
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
I also tried this config .....
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
No errors with that one but the password remained unchanged ....
Any ideas guys ? I reckon I must have screwed up the pam configuration
for /etc/pam.d/samba but I am no pam expert so I am currently thrashing
around in the dark ....
Kind Regards
Bryan
--
Bryan Hunt
Systems Engineering Manager
Ossidian Technologies Ltd
Blackrock
Co Dublin
IRELAND
Tel +353-1-2787111 Fax +353-1-2787136
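
Added example, not part of the original post: with `pam password change = yes`, smbd changes the password through PAM, so this Python check lists which PAM management groups each of the two /etc/pam.d/samba listings above defines and which service pam_stack.so hands a group off to. The function names are made up for this illustration, and the contents of system-auth are not shown in the post, so the check stops at the hand-off.

```python
import os

GROUPS = ("auth", "account", "password", "session")

# The two /etc/pam.d/samba listings, copied from the post above.
SAMBA_FIRST = """\
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
"""
SAMBA_SECOND = """\
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
"""

def parse_pam(text):
    """Return {group: [(control, module_basename, args), ...]} for one pam.d file."""
    stacks = {g: [] for g in GROUPS}
    for raw in text.replace("\\\n", " ").splitlines():   # join continuation lines
        fields = raw.split("#", 1)[0].split()             # drop comments
        group = fields[0].lstrip("-").lower() if fields else ""
        if len(fields) < 3 or group not in stacks:
            continue
        end = 1                                           # index of last control field
        if fields[1].startswith("["):                     # [a=b c=d] control spans fields
            while end < len(fields) - 1 and not fields[end].endswith("]"):
                end += 1
        if end + 1 < len(fields):
            stacks[group].append((" ".join(fields[1:end + 1]),
                                  os.path.basename(fields[end + 1]), fields[end + 2:]))
    return stacks

def missing_groups(text):
    """Management groups for which the file has no module lines at all."""
    return [g for g, mods in parse_pam(text).items() if not mods]

def delegated(text, group):
    """Service names a group hands off to via pam_stack.so service=NAME."""
    return [a.split("=", 1)[1] for _, mod, args in parse_pam(text)[group]
            if mod == "pam_stack.so" for a in args if a.startswith("service=")]

if __name__ == "__main__":
    for name, cfg in (("first", SAMBA_FIRST), ("second", SAMBA_SECOND)):
        print(name, "missing:", missing_groups(cfg), "password ->", delegated(cfg, "password"))
```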