Samba 2.0 RedHat/PAM password troubles found and solved!
Dax Kelson
dkelson at inconnect.com
Wed Jan 27 17:28:09 GMT 1999
I tried upgrading from samba 1.9 to 2.0 on two seperate RedHat servers,
and after both upgrades nobody could get authenticated. The windows boxes
had the registry hacks to turn off encrypted passwords, and I'm
authenticating out of passwd+shadow.
I found many similiar posts on DejaNews and in the samba mailing list
archives.
I broke out strace and found the problem.
Samba 2.0 tries to open:
/etc/pam.d/samba and failing (since it doesn't exist on any box I've
ever seen)
opens
/etc/pam.d/other
The contents of which are:
#%PAM-1.0
auth required /lib/security/pam_deny.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_deny.so
session required /lib/security/pam_deny.so
The authentication fails.
So I created the file /etc/pam.d/samba
with this content:
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_pwdb.so shadow use_authtok
session required /lib/security/pam_pwdb.so
Now Samba 2.0 works and everyone can authenticate!
You probably want to add this to your FAQ, like I said I've seen dozens of
posts regarding this issue (some on FreeBSD w/PAM).
Dax Kelson
Internet Connect, Inc.
More information about the samba
mailing list