[PATCH] Remove pam_smbpass module from Samba source code

Rowland Penny repenny241155 at gmail.com
Fri Mar 11 08:58:56 UTC 2016

On 11/03/16 08:51, Andreas Schneider wrote:
> On Friday 11 March 2016 08:23:05 Rowland Penny wrote:
>> On 10/03/16 16:27, Simon Nagl wrote:
>>>> On 10.03.2016 at 12:09, Volker Lendecke
>>>> <Volker.Lendecke at SerNet.DE> wrote:
>>>> On Thu, Mar 10, 2016 at 11:24:10AM +0100, Simon Nagl wrote:
>>>>> I have a problem using pam_smbpass. After
>>>>> searching in the sources and this mailing list I noticed
>>>>> pam_smbpass is removed with version 4.4. I am actually using
>>>>> version 4.3.
>>>>> I have multiple network attached storages which need to
>>>>> have local accounts. These accounts should be used for
>>>>> samba and other unix services. Till now I updated unix and
>>>>> samba accounts separately. For that I tried to use
>>>>> pam_smbpass with the migrate option but it did not work.
>>>>> Trying to log in with ssh tells me:
>>>>> packet_write_wait: Connection to 192.168.xxx.xxx: Broken pipe
>>>>> Now I have some questions:
>>>>> 1) Can you imagine implementing a pam_module which can be used for my
>>>>> use-case?
>>>> pam_winbind should do it. Of course winbind must be running
>>>> locally.
>>> Then I think I need some help. I agree with you that when running winbind
>>> locally pam_winbind can be used to sync passwords. But user
>>> administration must be done twice. For example if I want to create a new
>>> user „testuser“ it needs two steps:
>>> # useradd testuser
>>> # pdbedit -a -u testuser
>>> I do not see a way to configure pam to add a samba user.
>> You could use the ldapsam backend (you may in fact be using it, cannot
>> tell unless you post your smb.conf) and then use ldapsam:editposix along
>> with smbpasswd (you will need to patch pdb_ldap.c).
>> You will then be able to add users with smbpasswd and will not need Unix
>> users.
>> Rowland
> Why not use 'add user script' in smb.conf. See manpage ...

Well, you could, but also from 'man smb.conf':

        ldapsam:editposix (G)

            Editposix is an option that leverages ldapsam:trusted to make it
            simpler to manage a domain controller eliminating the need to set
            up custom scripts to add and manage the posix users and groups.
            This option will instead directly manipulate the ldap tree to
            create, remove and modify user and group entries. This option also
            requires a running winbindd as it is used to allocate new 
            on user/group creation. The allocation range must be therefore

