root can't log into SWAT
Alexander Bokovoy
a.bokovoy at sam-solutions.net
Tue Nov 4 13:12:50 GMT 2003
On Wed, Nov 05, 2003 at 09:07:16AM -0500, Scott Phelps wrote:
> > > #%PAM-1.0
> > > auth required pam_smbpass.so nodelay
> > > account required /lib/security/pam_stack.so service=system-auth
> > > session required /lib/security/pam_stack.so service=system-auth
> > > password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
> > Well, this PAM file does not need to be based on pam_smbpass actually. You
> > can use just system-auth instead.
> >
> > >
> > > BTW heres the output of my swat log:
> > > [2003/11/04 05:00:16, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
> > > startsmbfilepwent_internal: file /etc/samba/private/smbpasswd did not
> > > exist. File successfully created.
> > > [2003/11/04 05:00:16, 0] auth/pampass.c:smb_pam_passcheck(810)
> > > smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root !
> > > Does root need a smbpasswd entry?
> > In your current configuration, yes, it needs -- because you have
> > configured it to check password against smbpasswd instead of existing
> > system database (shadow, probably).
>
> Thank you very much! However, this is not the behavior I want. I just
> want to check password against the shadow file _only_. How can I fix
> this?
Use proper PAM configuration for /etc/pam.d/samba. Note that this
configuration file isn't for authenticating services through samba but for
samba-based applications instead.
--
/ Alexander Bokovoy
Samba Team http://www.samba.org/
ALT Linux Team http://www.altlinux.org/
Midgard Project Ry http://www.midgard-project.org/
More information about the samba-technical
mailing list