[Samba] working pam configuration

David Komanek xdavid at lib-eth.natur.cuni.cz
Wed Jun 1 09:08:00 GMT 2005

Hi all,

I am trying to find an alternative for samba3 using kerberos-stored 
passwords for users. So I have pam_krb5.so from debians pam_heimdal 
package and heimdal kdc running. From the smbd debug log it seems there is 
no problem with verification of the user's password. But the problem is 
while establishing a session for the authenticated user:

For wrong kerberos password:
Client side:
# smbclient -U komanek //
session setup failed: NT_STATUS_LOGON_FAILURE

Server-side debug:
[2005/06/01 10:34:12, 0] auth/pampass.c:smb_pam_passcheck(810)
   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User komanek !

For the right kerberos password:
Client side:
# smbclient -U komanek //
session setup failed: Call returned zero bytes (EOF)

Server-side debug:
[2005/06/01 10:35:50, 0] auth/pampass.c:smb_pam_setcred(614)
   smb_pam_setcred: PAM: UNKNOWN PAM ERROR (3) during SetCredentials for 
User: komanek
[2005/06/01 10:35:50, 0] auth/pampass.c:smb_pam_passcheck(822)
   smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User komanek 
[2005/06/01 10:35:50, 0] lib/fault.c:fault_report(36)
[2005/06/01 10:35:50, 0] lib/fault.c:fault_report(37)
   INTERNAL ERROR: Signal 11 in pid 4473 (3.0.14a)
   Please read the appendix Bugs of the Samba HOWTO collection
[2005/06/01 10:35:50, 0] lib/fault.c:fault_report(39)
[2005/06/01 10:35:50, 0] lib/util.c:smb_panic2(1495)
   PANIC: internal error
[2005/06/01 10:35:50, 0] lib/util.c:smb_panic2(1503)
   BACKTRACE: 22 stack frames:
    #0 /usr/local/sbin/smbd(smb_panic2+0x1f5) [0x8230544]
    #1 /usr/local/sbin/smbd(smb_panic+0x19) [0x823034d]
    #2 /usr/local/sbin/smbd [0x821a715]
    #3 /usr/local/sbin/smbd [0x821a78d]
    #4 [0xffffe420]
    #5 /lib/security/pam_krb5.so(cleanup_cache+0x42) [0x40687302]
    #6 /lib/libpam.so.0(_pam_free_data+0x7d) [0x401d76cd]
    #7 /lib/libpam.so.0(pam_end+0x37) [0x401d6e77]
    #8 /usr/local/sbin/smbd [0x827e3fc]
    #9 /usr/local/sbin/smbd(smb_pam_passcheck+0x27d) [0x827ff3b]
    #10 /usr/local/sbin/smbd [0x8280251]
    #11 /usr/local/sbin/smbd(pass_check+0x10d) [0x828036a]
    #12 /usr/local/sbin/smbd [0x8275843]
    #13 /usr/local/sbin/smbd [0x82727c6]
    #14 /usr/local/sbin/smbd(reply_sesssetup_and_X+0xfbf) [0x80c9525]
    #15 /usr/local/sbin/smbd [0x80f6ebb]
    #16 /usr/local/sbin/smbd [0x80f6f91]
    #17 /usr/local/sbin/smbd(process_smb+0x215) [0x80f7328]
    #18 /usr/local/sbin/smbd(smbd_process+0x195) [0x80f8142]
    #19 /usr/local/sbin/smbd(main+0x8a2) [0x82bc5d4]
    #20 /lib/tls/libc.so.6(__libc_start_main+0xf4) [0x402f3974]
    #21 /usr/local/sbin/smbd [0x80840c1]

My /etc/pam.d/samba:
auth       required     pam_krb5.so
#the following line seems to have no effect for me (if present or no)
session    required     pam_krb5.so

Possibly I do not understand what should I write in my /etc/pam.d/samba to 
overcome this problem. I also do not know if this is problem on the samba 
side, but at least I think smbd should not crash.

What do you think about ?

Thanks a lot.

David Komanek

More information about the samba mailing list