[Samba] PAM session trouble

Andrew Bartlett abartlet at samba.org
Mon Aug 5 03:22:03 GMT 2002

David Wright wrote:
> I am using PAM and pam_smbpass.so with Samba 2.999 (Debian sid package).
> If, in /etc/pam.d/samba, I set
>    session  required  pam_smbpass.so
> then login fails, and the log says:
>    [2002/08/04 15:43:26, 0] auth/pampass.c:smb_pam_error_handler(73)
>      smb_pam_error_handler: PAM: session setup failed : Module is unknown
>    [2002/08/04 15:43:26, 1] smbd/session.c:session_claim(103)
>      pam_session rejected the session for ichbin [smb/1]
>    [2002/08/04 15:43:26, 1] smbd/password.c:register_vuid(285)
>      Failed to claim session for vuid=101
> If I set
>    session  required  pam_permit.so
> then there is no problem, although auth, account, and password are still
> set to use pam_smbpass.so.

Well, there isn't any point.  In Samba '2.999' aka HEAD snapshot Samba
will never call PAM for authenticaion when 'encrypt passwords = yes',
and while it will use pam for 'account' controls, it won't gain you
anything - its the same checks that are already done.

And if you have an smbpasswd file, ten I'll assume you are using
encrypted passwords :-)

(Well, there is a point if you are using SWAT, but other than that,
there isn't any point)

> Does this mean pam_smbpass doesn't implement session? If so, what should
> I use instead? If not, what is going on here?

Indeed, pam_smbpass does not implement 'session' as there is no logical
action that is should perform.  pam_unix is probably a good choice.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list