[Samba] pam_smbpass

Bradley W. Langhorst brad at langhorst.com
Tue Aug 20 20:08:00 GMT 2002

Okay - I've got samba working as a PDC with and ldap backend.

I want to have some users not be in ldap (like the built in stuff like
cyrus, mail, lp etc)

I can get that to work with the pam_ldap and pam_unix but pam_smbpass 
doesn't seem to return user_unknown as i expect for users who are not in
the ldap database 

does this make sense?

--- pam_smb_passwd.c    12 Feb 2002 15:56:19 -0000
+++ pam_smb_passwd.c    20 Aug 2002 23:41:57 -0000
@@ -126,9 +126,9 @@

     /* obtain user record */
-    pdb_getsampwnam(sampass,user);
+    /*pdb_getsampwnam(sampass,user);*/

-    if (sampass == NULL) {
+    if (!pdb_getsampwnam(sampass,user)) {
         _log_err( LOG_ALERT, "Failed to find entry for user %s.", user
         return PAM_USER_UNKNOWN;

I don't think there should be any difference between these two bits of
code (and I've not yet tested it) but I don't understand why this is

password requisite      pam_cracklib.so retry=3 minlen=6 difok=3 debug
password [user_unknown=ignore success=ok new_authtok_reqd=ok
ignore=ignore default=bad] pam_ldap.so use_first_pass
password required       pam_unix.so use_first_pass nullok md5 debug
password [user_unknown=ignore success=ok new_authtok_reqd=ok
ignore=ignore default=bad] pam_smbpass.so use_first_pass audit

any ideas?


More information about the samba mailing list