[Samba] crypt password authenticate method (passdb or pam)?

Claudinei Matos claudineimatos at hospedevip.com.br
Wed Jun 22 18:00:07 GMT 2005 

Hi,

I'm trying to put my samba to authenticate users into a mysql database.
I've started to use passdb and I did mapped the main fields and also did 
some change at pdb_sql.c code to match my needs.
Well, the problem is that I can't found a way to use crypt passwords 
with mysql using pdb_mysql, actually the type of passwords I'm allowed 
to use are "plain password", "lanmanager password" or "nt password". By 
the way I just could use "plain password", the other ways doesn't 
authenticate, just generate passwords.
Since I think that to make pdb_mysql to work with crypt password will 
need much more enforces changing source code, I prefer to find another way.
Looking at google I saw that I could use pam as authenticate method 
telling pam to look at mysql database using pam_mysql module but that 
solution doesn't work.
I did disabled pdb authenticate method and set "encrypt passwords = 
no","obey pam restrictions = yes","pam password change = yes" which are 
the needed changes I found at a lot of docummentation.
I did setup pam.d/samba like the guides I've found:

auth     required    pam_mysql.so   user=dbuser passwd=dbpass db=users 
table=users usercolumn=login crypt=0 passwordcolumn=password
account  required    pam_mysql.so   user=dbuser passwd=dbpass db=users 
table=users usercolumn=login crypt=0 passwordcolumn=password
password required    pam_mysql.so   user=dbuser passwd=dbpass db=users 
table=users usercolumn=login crypt=0 passwordcolumn=password
session  required    pam_mysql.so   user=dbuser passwd=dbpass db=users 
table=users usercolumn=login crypt=0 passwordcolumn=password

If I try to login using no pdb method and setting up pam parameters that 
what I get from smbd.log:

[2005/06/22 14:54:22, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend smbpasswd
[2005/06/22 14:54:22, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend smbpasswd has a valid init
[2005/06/22 14:54:22, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match guest (guest)
[2005/06/22 14:54:22, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend guest
[2005/06/22 14:54:22, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend guest has a valid init
...
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_context_list(763)
  Trying to load: smbpasswd
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam'
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam_compat
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam_compat'
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend smbpasswd
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'smbpasswd'
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend tdbsam
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'tdbsam'
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend guest
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'guest'
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match smbpasswd (smbpasswd)
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend smbpasswd
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend smbpasswd has a valid init
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match guest (guest)
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend guest
[2005/06/22 14:54:59, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend guest has a valid init

It appears like pam was not even called so the backend that samba try to 
use is smbpasswd.
I did add my username to smbpasswd file ant try to login again and now 
that's work.

So, what I want to know is how I can make my users authenticate by mysql 
using crypt password?
Is there a way to make pdb_mysql to use crypt passwords? If not, how can 
I put pam to do the authenticate?

Any advice would be aprreciated.

Tks,

Claudinei Matos

More information about the samba mailing list