[Samba] pam_smbpass and ldap
rossp at ppc.ucsc.edu
Thu Feb 20 18:19:03 GMT 2003
I upped the "log level" in my smb.conf just to see if that would give
me anything. Even at log level = 10 the samba logs say nothing when I
do "passwd test0". In my pam.d/passwd file I have one line for
testing, "password required pam_smbpass.so". Running "passwd test0"
looks like this:
ppc-test:~# passwd test0
Enter new SMB password:
Retype new SMB password:
Failed to find entry for user test0.
passwd: Authentication token manipulation error
auth.log says:
Feb 20 17:58:00 ppc-test PAM_smbpass[513]: username [test0] obtained
Feb 20 17:58:00 ppc-test PAM_smbpass[513]: username [test0] obtained
Feb 20 17:58:03 ppc-test PAM_smbpass[513]: password change failed for
user test0
and the samba logs with log level at 10 say nothing.
Do I need auth or other lines in pam.d/passwd? If so, why, because
Debian comes with only password lines in pam.d/passwd? Straces show
pam.d/other being opened. other is configured only with pam_unix.so
which goes through nss which is configured for LDAP. Do I need
pam_smbpass.so in there? If so, why?
I've been poring over straces, but I just can't figure it out. I can
see it try to open /etc/passwd at one point. I have straces of both
the successful "smbpasswd test0" call and the unsuccessful "passwd
test0" call. I can e-mail cleaned up full straces, but until
requested, I'll just include the open() lines:
--- smbpasswd test0
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libldap.so.2", O_RDONLY) = 3
open("/usr/lib/liblber.so.2", O_RDONLY) = 3
open("/lib/libresolv.so.2", O_RDONLY) = 3
open("/usr/lib/libcups.so.2", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY) = 3
open("/lib/libpam.so.0", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/lib/libcrypt.so.1", O_RDONLY) = 3
open("/usr/lib/libsasl.so.7", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libssl.so.0.9.7", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libcrypto.so.0.9.7", O_RDONLY) = 3
open("/lib/libdb2.so.2", O_RDONLY) = 3
open("/etc/localtime", O_RDONLY) = 3
open("/etc/samba/smb.conf", O_RDONLY|O_LARGEFILE) = 3
open("/usr/share/samba/codepages/codepage.850", O_RDONLY|O_LARGEFILE)
= 3
open("/usr/share/samba/codepages/unicode_map.850",
O_RDONLY|O_LARGEFILE) = 3
open("/usr/share/samba/codepages/unicode_map.ISO8859-1",
O_RDONLY|O_LARGEFILE) = 3
open("/var/lib/samba/secrets.tdb", O_RDWR|O_CREAT|O_LARGEFILE, 0600) =
3
open("/dev/tty", O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
open("/dev/tty", O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
open("/etc/resolv.conf", O_RDONLY) = 4
open("/etc/nsswitch.conf", O_RDONLY) = 4
open("/etc/ld.so.cache", O_RDONLY) = 4
open("/lib/libnss_files.so.2", O_RDONLY) = 4
open("/etc/host.conf", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 4
open("/etc/ldap/ldap.conf", O_RDONLY|O_LARGEFILE) = 4
open("/root/ldaprc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file
or directory)
open("/root/.ldaprc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file
or directory)
open("ldaprc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or
directory)
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a
directory)
open("/usr/lib/sasl", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) =
-1 ENOENT (No such file or directory)
open("/etc/hosts", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 4
open("/etc/ld.so.cache", O_RDONLY) = 4
open("/lib/libnss_dns.so.2", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 5
open("/etc/ld.so.cache", O_RDONLY) = 5
open("/lib/libnss_ldap.so.2", O_RDONLY) = 5
open("/etc/libnss-ldap.conf", O_RDONLY) = 5
open("/etc/ldap.secret", O_RDONLY) = 5
open("/etc/hosts", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 6
open("/etc/hosts", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 4
open("/etc/hosts", O_RDONLY) = 6
--- passwd test0
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libcrypt.so.1", O_RDONLY) = 3
open("/lib/libpam.so.0", O_RDONLY) = 3
open("/lib/libpam_misc.so.0", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/var/run/utmp", O_RDWR) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libnss_ldap.so.2", O_RDONLY) = 3
open("/usr/lib/libldap.so.2", O_RDONLY) = 3
open("/usr/lib/liblber.so.2", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY) = 3
open("/lib/libresolv.so.2", O_RDONLY) = 3
open("/usr/lib/libsasl.so.7", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libssl.so.0.9.7", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libcrypto.so.0.9.7", O_RDONLY) = 3
open("/lib/libdb2.so.2", O_RDONLY) = 3
open("/etc/libnss-ldap.conf", O_RDONLY) = 3
open("/etc/ldap.secret", O_RDONLY) = 3
open("/etc/resolv.conf", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libnss_files.so.2", O_RDONLY) = 3
open("/etc/host.conf", O_RDONLY) = 3
open("/etc/hosts", O_RDONLY) = 3
open("/etc/ldap/ldap.conf", O_RDONLY|O_LARGEFILE) = 3
open("ldaprc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or
directory)
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a
directory)
open("/usr/lib/sasl", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) =
-1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY) = 4
open("/etc/pam.d/passwd", O_RDONLY) = 4
open("/lib/security/pam_smbpass.so", O_RDONLY) = 5
open("/etc/ld.so.cache", O_RDONLY) = 5
open("/usr/lib/libcups.so.2", O_RDONLY) = 5
open("/etc/pam.d/other", O_RDONLY) = 4
open("/lib/security/pam_unix.so", O_RDONLY) = 5
open("/etc/localtime", O_RDONLY) = 4
open("", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No
such file or directory)
[above repeated 5 more times]
open("/etc/samba/smb.conf", O_RDONLY|O_LARGEFILE) = 4
open("", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No
such file or directory)
[above repeated ~100 more times]
open("/etc/samba/smb.conf", O_RDONLY|O_LARGEFILE) = 4
open("", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No
such file or directory)
[above repeated ~60 more times]
Clearly "passwd test0" is resulting in tons of calls opening a file
named "". I don't know enough about strace to know if that's an
issue. Thank you for any help.
Ross Patterson
Programmer/Analyst
831-459-2792
rossp at ucsc.edu
1156 High St, Barn G, PP&C
Santa Cruz, CA 95064
On 20 Feb 2003, Andrew Bartlett wrote:
> On Thu, 2003-02-20 at 08:44, rossp at ppc.ucsc.edu wrote:
> > On a Debian 3.0 system with user accounts stored in openldap, I have
> > unix and windows auth working just fine through ldap. smbpasswd can
> > change the samba passwd attributes, and passwd can change the unix
> > password attributes.
> >
> > I'm trying to get pam_smbpass to work to keep everything in sync, but
> > it only says "Failed to find entry for user test0." which indicates to
> > me that it's looking in the smbpasswd file which has, of course,
> > nothing. "ldd /lib/security/pam_smbpass.so" gives libpam and libldap
> > among other things.
> >
> > Can someone tell me if pam_smbpass is using the SAM DB API? If
> > pam_smbpass is hardwired for the smbpasswd file, that would explain my
> > troubles.
> >
> > If it is using the SAM DB API, can anyone give me any direction?
>
> It does use the SAM API, so start turning up the debugging and see if
> you can figure out what's going on..
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
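
Added example, not part of the original post or of Samba: one way to compare the two open() listings above mechanically instead of by eye, reporting files only one command opened and counting the open("") calls. The sample traces are constructed by abridging lines from the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: open() lines abridged from the post, mail wraps kept.
SMBPASSWD_TRACE = '''\
open("/etc/samba/smb.conf", O_RDONLY|O_LARGEFILE) = 3
open("/var/lib/samba/secrets.tdb", O_RDWR|O_CREAT|O_LARGEFILE, 0600) =
3
open("/etc/ldap/ldap.conf", O_RDONLY|O_LARGEFILE) = 4
open("/root/.ldaprc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file
or directory)
'''
PASSWD_TRACE = '''\
open("/etc/ldap/ldap.conf", O_RDONLY|O_LARGEFILE) = 3
open("/etc/pam.d/passwd", O_RDONLY) = 4
open("/lib/security/pam_smbpass.so", O_RDONLY) = 5
open("", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No
such file or directory)
open("/etc/samba/smb.conf", O_RDONLY|O_LARGEFILE) = 4
open("", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 ENOENT (No
such file or directory)
'''

# \s* lets one call span a wrapped line; groups: path, flags, retval, errno.
OPEN_RE = re.compile(
    r'open\("([^"]*)",\s*([A-Z_|]+)[^)]*\)\s*=\s*(-?\d+)(?:\s+(E[A-Z]+))?')

def parse_opens(trace):
    return [(m[1], m[2], int(m[3]), m[4]) for m in OPEN_RE.finditer(trace)]

def summarize(trace):
    calls = parse_opens(trace)
    return {
        "opened": {p for p, _, ret, _ in calls if ret >= 0},
        "failed": Counter((p, e) for p, _, ret, e in calls if ret < 0),
        "empty_path": [f for p, f, _, _ in calls if p == ""],
    }

def compare(good, bad):
    """Diff a working trace against a failing one."""
    g, b = summarize(good), summarize(bad)
    return {
        "only_in_good": sorted(g["opened"] - b["opened"]),
        "only_in_bad": sorted(b["opened"] - g["opened"]),
        "empty_path_calls": len(b["empty_path"]),
        "empty_path_flags": sorted(set(b["empty_path"])),
    }

if __name__ == "__main__":
    print(compare(SMBPASSWD_TRACE, PASSWD_TRACE))
```

Fed the full strace output of both commands, the same functions show at a glance which Samba files the working command touches that the failing one never opens.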