Samba 2.0 RedHat/PAM password troubles found and solved!

Steve Grose sgrose at cmps.com
Wed Jan 27 19:26:16 GMT 1999


With the author's permission, I am posting this message here that was
originally posted on the redhat newsgroup:

> I tried upgrading from samba 1.9 to 2.0 on two seperate RedHat servers,
> and after both upgrades nobody could get authenticated.  The windows boxes
> had the registry hacks to turn off encrypted passwords, and I'm
> authenticating out of passwd+shadow.
>
> I found many similiar posts on DejaNews and in the samba mailing list
> archives.
>
> I broke out strace and found the problem.
>
> Samba 2.0 tries to open:
>
> /etc/pam.d/samba  and failing (since it doesn't exist on any box I've
> ever seen)
>
> opens
>
> /etc/pam.d/other
>
> The contents of which are:
>
> #%PAM-1.0
> auth     required       /lib/security/pam_deny.so
> account  required       /lib/security/pam_deny.so
> password required       /lib/security/pam_deny.so
> session  required       /lib/security/pam_deny.so
>
> The authentication fails.
>
> So I created the file /etc/pam.d/samba
>
> with this content:
>
> #%PAM-1.0
> auth       required     /lib/security/pam_pwdb.so shadow
> account    required     /lib/security/pam_pwdb.so
> password   required     /lib/security/pam_pwdb.so shadow use_authtok
> session    required     /lib/security/pam_pwdb.so
>
> Now Samba 2.0 works and everyone can authenticate!
>
> You probably want to add this to your FAQ, like I said I've seen dozens of
> posts regarding this issue (some on FreeBSD w/PAM).




More information about the samba mailing list