[Samba] pam_smbpass
abartlet at dp.samba.org
abartlet at dp.samba.org
Tue Aug 20 20:25:00 GMT 2002
On Wed, Aug 21, 2002 at 01:05:48AM -0400, Bradley W. Langhorst wrote:
>
> Okay - I've got samba working as a PDC with and ldap backend.
>
> I want to have some users not be in ldap (like the built in stuff like
> cyrus, mail, lp etc)
>
>
> I can get that to work with the pam_ldap and pam_unix but pam_smbpass
> doesn't seem to return user_unknown as i expect for users who are not in
> the ldap database
>
> does this make sense?
Yes, this patch is correct. I was under the impression that this had been
fixed, but I'll fix it in HEAD...
> --- pam_smb_passwd.c 12 Feb 2002 15:56:19 -0000 1.1.2.8
> +++ pam_smb_passwd.c 20 Aug 2002 23:41:57 -0000
> @@ -126,9 +126,9 @@
>
> /* obtain user record */
> pdb_init_sam(&sampass);
> - pdb_getsampwnam(sampass,user);
> + /*pdb_getsampwnam(sampass,user);*/
>
> - if (sampass == NULL) {
> + if (!pdb_getsampwnam(sampass,user)) {
> _log_err( LOG_ALERT, "Failed to find entry for user %s.", user
> );
> return PAM_USER_UNKNOWN;
> }
>
> I don't think there should be any difference between these two bits of
> code (and I've not yet tested it) but I don't understand why this is
> failing...
It depends on initialisation etc - if that call fails, it wont touch the
sampass and the 'init' ensures it's not NULL.
> password requisite pam_cracklib.so retry=3 minlen=6 difok=3 debug
> password [user_unknown=ignore success=ok new_authtok_reqd=ok
> ignore=ignore default=bad] pam_ldap.so use_first_pass
> password required pam_unix.so use_first_pass nullok md5 debug
> password [user_unknown=ignore success=ok new_authtok_reqd=ok
> ignore=ignore default=bad] pam_smbpass.so use_first_pass audit
This looks this a useful config...
Andrew Bartlett
More information about the samba
mailing list