[Samba] working pam configuration
David Komanek
xdavid at lib-eth.natur.cuni.cz
Wed Jun 1 09:08:00 GMT 2005
Hi all,
I am trying to find an alternative for samba3 using kerberos-stored
passwords for users. So I have pam_krb5.so from debians pam_heimdal
package and heimdal kdc running. From the smbd debug log it seems there is
no problem with verification of the user's password. But the problem is
while establishing a session for the authenticated user:
For wrong kerberos password:
----------------------------
Client side:
# smbclient -U komanek //127.0.0.1/homes
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
Server-side debug:
[2005/06/01 10:34:12, 0] auth/pampass.c:smb_pam_passcheck(810)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User komanek !
For the right kerberos password:
--------------------------------
Client side:
# smbclient -U komanek //127.0.0.1/homes
Password:
session setup failed: Call returned zero bytes (EOF)
Server-side debug:
[2005/06/01 10:35:50, 0] auth/pampass.c:smb_pam_setcred(614)
smb_pam_setcred: PAM: UNKNOWN PAM ERROR (3) during SetCredentials for
User: komanek
[2005/06/01 10:35:50, 0] auth/pampass.c:smb_pam_passcheck(822)
smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User komanek
!
[2005/06/01 10:35:50, 0] lib/fault.c:fault_report(36)
===============================================================
[2005/06/01 10:35:50, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 4473 (3.0.14a)
Please read the appendix Bugs of the Samba HOWTO collection
[2005/06/01 10:35:50, 0] lib/fault.c:fault_report(39)
===============================================================
[2005/06/01 10:35:50, 0] lib/util.c:smb_panic2(1495)
PANIC: internal error
[2005/06/01 10:35:50, 0] lib/util.c:smb_panic2(1503)
BACKTRACE: 22 stack frames:
#0 /usr/local/sbin/smbd(smb_panic2+0x1f5) [0x8230544]
#1 /usr/local/sbin/smbd(smb_panic+0x19) [0x823034d]
#2 /usr/local/sbin/smbd [0x821a715]
#3 /usr/local/sbin/smbd [0x821a78d]
#4 [0xffffe420]
#5 /lib/security/pam_krb5.so(cleanup_cache+0x42) [0x40687302]
#6 /lib/libpam.so.0(_pam_free_data+0x7d) [0x401d76cd]
#7 /lib/libpam.so.0(pam_end+0x37) [0x401d6e77]
#8 /usr/local/sbin/smbd [0x827e3fc]
#9 /usr/local/sbin/smbd(smb_pam_passcheck+0x27d) [0x827ff3b]
#10 /usr/local/sbin/smbd [0x8280251]
#11 /usr/local/sbin/smbd(pass_check+0x10d) [0x828036a]
#12 /usr/local/sbin/smbd [0x8275843]
#13 /usr/local/sbin/smbd [0x82727c6]
#14 /usr/local/sbin/smbd(reply_sesssetup_and_X+0xfbf) [0x80c9525]
#15 /usr/local/sbin/smbd [0x80f6ebb]
#16 /usr/local/sbin/smbd [0x80f6f91]
#17 /usr/local/sbin/smbd(process_smb+0x215) [0x80f7328]
#18 /usr/local/sbin/smbd(smbd_process+0x195) [0x80f8142]
#19 /usr/local/sbin/smbd(main+0x8a2) [0x82bc5d4]
#20 /lib/tls/libc.so.6(__libc_start_main+0xf4) [0x402f3974]
#21 /usr/local/sbin/smbd [0x80840c1]
My /etc/pam.d/samba:
auth required pam_krb5.so
#the following line seems to have no effect for me (if present or no)
session required pam_krb5.so
Possibly I do not understand what should I write in my /etc/pam.d/samba to
overcome this problem. I also do not know if this is problem on the samba
side, but at least I think smbd should not crash.
What do you think about ?
Thanks a lot.
David Komanek
More information about the samba
mailing list