root can't log into SWAT
Alexander Bokovoy
a.bokovoy at sam-solutions.net
Tue Nov 4 12:58:09 GMT 2003
On Wed, Nov 05, 2003 at 08:46:23AM -0500, Scott Phelps wrote:
> > > Of course xinetd is running, but when I try to log in through my browser
> > > as root is says access denied.
>
> > Have you configured Samba to use PAM during build? If so, SWAT relies on
> > PAM to perform authentication and therefore you need to have correct PAM
> > settings for facility called 'samba' (usually /etc/pam.d/samba in Linux
> > PAM).
>
> Yes I did. Here's my /etc/pam.d/samba file. This is a new
> installation, and nothing has been modified:
>
> #%PAM-1.0
> auth required pam_smbpass.so nodelay
> account required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
Well, this PAM file does not need to be based on pam_smbpass actually. You
can use just system-auth instead.
>
> BTW heres the output of my swat log:
> [2003/11/04 05:00:16, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
> startsmbfilepwent_internal: file /etc/samba/private/smbpasswd did not
> exist. File successfully created.
> [2003/11/04 05:00:16, 0] auth/pampass.c:smb_pam_passcheck(810)
> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root !
> Does root need a smbpasswd entry?
In your current configuration, yes, it needs -- because you have
configured it to check password against smbpasswd instead of existing
system database (shadow, probably).
--
/ Alexander Bokovoy
Samba Team http://www.samba.org/
ALT Linux Team http://www.altlinux.org/
Midgard Project Ry http://www.midgard-project.org/
More information about the samba-technical
mailing list