[PATCH] Remove pam_smbpass module from Samba source code

Rowland Penny repenny241155 at gmail.com
Fri Mar 11 08:23:05 UTC 2016

On 10/03/16 16:27, Simon Nagl wrote:
>> Am 10.03.2016 um 12:09 schrieb Volker Lendecke <Volker.Lendecke at SerNet.DE>:
>> On Thu, Mar 10, 2016 at 11:24:10AM +0100, Simon Nagl wrote:
>>> I have a problem using pam_smbpass. After looking
>>> searching in the sources and this mailing list I noticed
>>> pam_smbpass is removed with version 4.4. I am actual using
>>> version 4.3.
>>> I have multiple Network attached storages wich need to
>>> have local accounts. These accounts should be used to for
>>> samba and other unix services. Till now I updated unix and
>>> samba accounts separately. For that I tried to use
>>> pam_smbpass with the migrate option but it did not work.
>>> Trying to log in with ssh tells me:
>>> packet_write_wait: Connection to 192.168.xxx.xxx: Broken pipe
>>> Now I have some questions:
>>> 1) Can you imagine to implement a pam_module which can be used for my use-case?
>> pam_winbind should do it. Of course winbind must be running
>> locally.
> Then I think I need some help. I agree with you that when running winbind locally pam_winbind can be used to sync passwords.
> But user administration must be done twice. For example if I want to create a new user „testuser“ it needs two steps:
> # useradd testuser
> # pdbedit -a -u testuser
> I do not see a way to configure pam to add a samba user.

You could use the ldapsam backend (you may in fact be using it, cannot 
tell unless you post your smb.conf) and then use ldapsam:editposix along 
with smbpasswd (you will need to patch pdb_ldap.c).
You will then be able to add users with smbpasswd and will not need Unix 


> Also I cannot add a samba user without a corresponding unix user.
> Is it possible to configure samba to authenticate agains a local ldap-server without joining a domain?
> Then this could be a possible configuration.
> Simon

More information about the samba-technical mailing list