PAM Bug

Charles Clancy mgrtcc at cs.rose-hulman.edu
Wed Jan 10 15:17:39 GMT 2001


System: Solaris 7 / Sparc
Authentication: AFS via PAM

The account management entry in passdb/pass_check.c was causing problems.
It was letting people log in, but not keeping their AFS token for them to
access their files.

This showed up in /var/adm/messages:
Jan 10 09:57:23 tiger smbd[2830]: pam_authenticate: error Authentication
failed

I commented out the lines to make it work:

--- samba-2.0.7/source/passdb/pass_check.c      Tue Jul 20 20:25:12 1999
+++ samba-2.0.7-hacked/source/passdb/pass_check.c       Wed Jan 10
10:02:55 2001
@@ -126,8 +126,8 @@
    * to do, but it is not clear that it isn't, either.  This can be
    * removed if no account management should be done.  Alternately,
    * put a pam_allow.so entry in /etc/pam.conf for account handling. */
-  pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
-  PAM_BAIL;
+//  pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
+//  PAM_BAIL;
   pam_end(pamh, PAM_SUCCESS);
   /* If this point is reached, the user has been authenticated. */
   return(True);

Also, to prevent the following error in /usr/samba/var/log.smb:
[2001/01/08 22:56:06, 0] lib/pidfile.c:pidfile_create(99)
  ERROR: smbd : fcntl lock of file /usr/samba/var/locks/smbd.pid failed.
Error was No such file or directory

I had to make the following changes:

--- samba-2.0.7/source/lib/pidfile.c    Tue Jul 20 20:25:08 1999
+++ samba-2.0.7-hacked/source/lib/pidfile.c     Mon Jan  8 22:54:40 2001
@@ -94,11 +94,11 @@
                exit(1);
        }

-       if (fcntl_lock(fd,SMB_F_SETLK,0,1,F_WRLCK)==False) {
-               DEBUG(0,("ERROR: %s : fcntl lock of file %s failed. Error
was %s\n",
-              name, pidFile, strerror(errno)));
-               exit(1);
-       }
+//     if (fcntl_lock(fd,SMB_F_SETLK,0,1,F_WRLCK)==False) {
+//             DEBUG(0,("ERROR: %s : fcntl lock of file %s failed. Error
was %s\n",
+//              name, pidFile, strerror(errno)));
+//             exit(1);
+//     }

        memset(buf, 0, sizeof(buf));
        slprintf(buf, sizeof(buf) - 1, "%u\n", (unsigned int) getpid());

I'm not sure what the locking problem was -- the file was definitely
there.  I'm not sure why it thought it wasn't.  Is there any problems with
running samba the way I've hacked it?  Thanks!
_______________________________________________________
      Charles Clancy -- mgrtcc at cs.rose-hulman.edu
Senior UNIX Administrator, Rose-Hulman Computer Science





More information about the samba mailing list