[Samba] urgent help needed! pam_smb auth any password...

Andrew Bartlett abartlet at samba.org
Fri Oct 10 04:07:42 GMT 2003

On Thu, 2003-10-09 at 00:53, Jelmer Vernooij wrote:
> On Wed, 2003-10-08 at 14:50, Luís Miguel Silva wrote:

> > All the other samba servers auth nicely on samba 3.0, and im able to logon the domain, but...
> > when i try to auth an account with pam_smb, i can ALLWAYS connect!
> > 
> > It accepts ANY login/password pair!
> > 
> > I read the pam_smb "warning" which said:
> > This version contains a bug-fix that stops pam_smb from authenticating 
> > against servers in share mode i.e. Win 95 or samba in share mode.
> > If you had a share mode server by mistake in your pam_smb.conf
> > anyone could log in to any a/c on your machine with no password !!!
> > 
> > I allready installed this version...and checked the code and it doesnt seem to do no good.
> > 
> > Can anybody help me with this?
> > 
> > My pam_smb version is 1.1.7
> pam_smb is not a module from Samba, so you probably would have a better
> response at the pam_smb mailinglist.
> Jelmer

Furthermore, I would strongly advise against the use of pam_smb - it
does nothing to check that it is indeed talking to the correct server. 
I always recommend the use of pam_winbindd instead.

To match pam_smb behaviour, you might want to use the 'winbind use
default domain' option in your smb.conf.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031010/fb2c12d4/attachment.bin

More information about the samba mailing list