Samba 2.0 RedHat/PAM password troubles found and solved!

Stephen L Arnold arnold.steve at ensco.com
Thu Jan 28 00:01:17 GMT 1999 

When the world was young, Dax Kelson carved some runes like this:

> Samba 2.0 tries to open:
> 
> /etc/pam.d/samba  and failing (since it doesn't exist on any box I've ever
> seen)
> 
> opens 
> 
> /etc/pam.d/other

I beg to differ ;-)  All the RedHat boxes I've been using with 
samba (RH 4.2 and 5.2) all have the /etc/pam.d/samba file, but it 
only contains the two following lines:

#%PAM-1.0
auth       required	/lib/security/pam_pwdb.so shadow nullok
account    required	/lib/security/pam_pwdb.so

Your password line in /etc/pam.d/samba means it won't look in 
smbpasswd, right?  What about the "nullok" switch?

I'm certainly clueless about most of this stuff (but I'm trying to 
learn, honest), and PAM configuration is one of them.  Any advice 
on integrating PAM/shadow/samba(w/encrypted passwords) with SRP and 
the associated exponential password suite would be greatly 
appreciated.  According to the docs, the SRP password tools (EPS) 
can be installed as a PAM module (and can be used to athenticate 
whatever services one wants).  All this is pretty confusing though 
(my tiny brain can only hold so much before it overflows).  For 
example:

I was trying to compile 1.9.18p10 the other night at home, and I 
couldn't find a set of compile options for glibc (libc6) with both 
PAM and shadow support.  As I understand it, after converting your 
/etc/passwd to /etc/shadow all the other commands (adduser, etc) 
should then use the shadow file transparently (ie, they should work 
just like they did before).  Does that mean I can just add the
-DSHADOW_PWD
or do I need to add the -lshadow lib support too?  It looks like 
the libc5 setup uses the shadow lib, but the libc6 setup doesn't. 
Is that correct?

Thanks in advance for any pointers, etc, etc.


****************************************************************
Stephen L. Arnold                        Senior Systems Engineer
ENSCO Inc.                        email:  arnold.steve at ensco.com
P.O. Box 5488                         www:  http://www.ensco.com
Vandenberg AFB, CA  93437             voice: 805.734.8232 x68838
                                               fax: 805.734.4779
#include <std_disclaimer.h>
****************************************************************

More information about the samba mailing list