password syncing using pam when using ldap for system auth

bryan hunt bryan.hunt at ossidian.com
Fri Jan 3 14:03:00 GMT 2003


 I am using Samba and LDAP.
 LDAP is used for Linux login and IMAP authentication.
 Samba is used for domain login and file sharing.

 Everything is up and running, with one exception.

 When I try to do a password change from a Windows machine I
 get the following error (repeated about 8 times):

 [2003/01/02 18:51:48, 0] lib/util_sec.c:assert_gid(114)
   Failed to set gid privileges to (0,65534) now set to (0,-1) uid=(0,65534)
 [2003/01/02 18:51:48, 0] lib/util.c:smb_panic(1094)
   PANIC: failed to set gid

 If I get rid of the password syncing option in the smb.conf
 the password gets changed with no problems, but with the
  pam password change = yes
 option set in the file the user password change fails.

 I want to get the password syncing working because it would be
 cool for my users to have a single password for mail/unix stuff etc.

 Anyone encountered this before? I've done a lot of googling and searched
 the bugs database but nobody seems to have encountered this problem before.

 I can change a user's Unix (LDAP) password straight from the command line
 (using the passwd program) without any problems.

 This is the /etc/pam.d/passwd configuration that I have
 set up ....

 #%PAM-1.0
 auth       sufficient   /lib/security/pam_ldap.so
 auth       required     /lib/security/pam_unix_auth.so use_first_pass
 account    sufficient   /lib/security/pam_ldap.so
 account    required     /lib/security/pam_unix_acct.so
 # I commented this out in case samba couldn't handle it ...
 #password   required    /lib/security/pam_cracklib.so retry=3
 password   sufficient   /lib/security/pam_ldap.so
 password   required     /lib/security/pam_pwdb.so try_first_pass

 This is the /etc/pam.d/samba config ....

 #%PAM-1.0
 auth       sufficient   /lib/security/pam_ldap.so
 auth       required     /lib/security/pam_unix_auth.so try_first_pass
 account    sufficient   /lib/security/pam_ldap.so
 account    required     /lib/security/pam_unix_acct.so

 I also tried this config .....

 #%PAM-1.0
 auth       required     /lib/security/pam_nologin.so
 auth       required     /lib/security/pam_stack.so service=system-auth
 account    required     /lib/security/pam_stack.so service=system-auth
 session    required     /lib/security/pam_stack.so service=system-auth
 password   required     /lib/security/pam_stack.so service=system-auth

 No errors with that one but the password remained unchanged ....

 Any ideas, guys? I reckon I must have screwed up the PAM configuration
 for /etc/pam.d/samba but I am no PAM expert so I am currently thrashing
 around in the dark ....

 Kind Regards

 Bryan



