password syncing using pam when using ldap for system auth
bryan hunt
bryan.hunt at ossidian.com
Fri Jan 3 14:03:00 GMT 2003
I am using samba and ldap.
LDAP is used for linux login and imap authentication.
Samba is used for domain login and file sharing.
Everything is up and running with one exception
When I try to do a password change from a windows machine I
get the following error ( repeated about 8 times )
[2003/01/02 18:51:48, 0] lib/util_sec.c:assert_gid(114)
Failed to set gid privileges to (0,65534) now set to (0,-1) uid=(0,65534)
[2003/01/02 18:51:48, 0] lib/util.c:smb_panic(1094)
PANIC: failed to set gid
If I get rid of the password syncing option in the smb.conf
the password gets changed with no problems but with
the
pam password change = yes
option set in the file the user password change fails .
I want to get the password syncing working because it would be
cool for my users to have a single password for mail/unix stuff etc.
Anyone encountered this before ? I've done a lot of googling and searched
the bugs database but nobody seems to have encountered this problem before.
I can change a users unix ( ldap ) password straight from the command line
(using the passwd program) without any problems.
This is the /etc/pam.d/passwd configuration that I have
set up ....
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
# I commented this out in case samba couldn't handle it ...
#password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so try_first_pass
This is the /etc/pam.d/samba config ....
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
I also tried this config .....
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
No errors with that one but the password remained unchanged ....
Any ideas guys ? I reckon I must have screwed up the pam configuration
for /etc/pam.d/samba but I am no pam expert so I am currently thrashing
arround in the dark ....
Kind Regards
Bryan
More information about the samba-technical
mailing list