[Samba] Authenticating against samba passdb using PAM

"Jørgen P. Tjernø" jorgen at devsoft.no
Mon Jul 14 16:03:49 GMT 2008


I'm trying to get a web application I'm developing to authenticate
against the samba user database. As far as I can tell, what I have to do
is "simply" set up a PAM service that uses pam_smbpass.so, and then use
a PAM client library to authenticate against it.

For the second part, I found a Python example that authenticates against
a given PAM service, and it works fine when testing it on the passwd
service. (Default unix auth)

For the first part, I added this to /etc/pam.d/smbpw:
auth requisite pam_smbpass.so nodelay audit debug

When I try to authenticate, the Python library tells me:
('Authentication failure', 7) and I get the following in /var/log/auth.log:

Jul 14 17:05:52 datamania python: pam_smbpass(smbpw:auth): username [jorgenpt] obtained
Jul 14 17:05:53 datamania python: pam_smbpass(smbpw:auth): user jorgenpt has null SMB password
Jul 14 17:05:53 datamania python: pam_smbpass(smbpw:auth): failed auth request by root for service smbpw as jorgenpt

I know that my user does not have a null password; if I use the following:
smbclient -L //hostname

I get a password prompt. Attempting to use a blank password makes me
auth as Anonymous, using a wrong password gives me
NT_STATUS_LOGON_FAILURE and using the right password gives me the list.
pdbedit shows the following:
$ sudo pdbedit -wu jorgenpt

If I set nullok in /etc/pam.d/smbpw, the PAM library doesn't ask me for
a password and automatically authenticates me.

So, anyone have any tips on this? Perhaps know why pam_smbpass thinks I
have a null password?

I use passdb backend = tdbsam and encrypt passwords = true, and the PAM
library is running as root.

Kindest regards, Jørgen P. Tjernø
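
Added example, not part of the original post: a small audit that cross-checks the pam.d line and the pam_smbpass log messages quoted above, listing accounts the module reported as null-password and whether the service line carries nullok (which, as the post observes, lets such an account through without a password prompt). The function names are hypothetical, the sample data is the post's own line and log excerpt, and control fields are assumed to be simple keywords rather than the bracketed form.

```python
import re

# Constructed sample: the service line and log lines quoted in the post,
# with the mail client's line wrapping undone.
PAM_LINE = "auth requisite pam_smbpass.so nodelay audit debug"
AUTH_LOG = """\
Jul 14 17:05:52 datamania python: pam_smbpass(smbpw:auth): username [jorgenpt] obtained
Jul 14 17:05:53 datamania python: pam_smbpass(smbpw:auth): user jorgenpt has null SMB password
Jul 14 17:05:53 datamania python: pam_smbpass(smbpw:auth): failed auth request by root for service smbpw as jorgenpt
"""

LOG_RE = re.compile(r"pam_smbpass\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)$")
NULL_RE = re.compile(r"^user (?P<user>\S+) has null SMB password$")
FAIL_RE = re.compile(r"^failed auth request by (?P<by>\S+) for service \S+ as (?P<user>\S+)$")


def parse_pam_line(line):
    """Split one pam.d service line into type, control, module and options.
    Assumption: the control field is a single keyword (no [value=action] form)."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith("#"):
        return None
    return {"type": fields[0].lstrip("-"), "control": fields[1],
            "module": fields[2], "options": fields[3:]}


def summarize_log(text):
    """Collect, per (service, user), the pam_smbpass events in a syslog excerpt."""
    events = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        for name, rx in (("null_password", NULL_RE), ("auth_failed", FAIL_RE)):
            hit = rx.match(m["msg"])
            if hit:
                events.setdefault((m["service"], hit["user"]), set()).add(name)
    return events


def passwordless_risk(pam_line, log_text):
    """Map each user logged as null-password to True if the line has nullok."""
    rule = parse_pam_line(pam_line)
    nullok = bool(rule) and rule["module"] == "pam_smbpass.so" and "nullok" in rule["options"]
    return {user: nullok for (_, user), ev in summarize_log(log_text).items()
            if "null_password" in ev}


if __name__ == "__main__":
    print(passwordless_risk(PAM_LINE, AUTH_LOG))              # line as in the post
    print(passwordless_risk(PAM_LINE + " nullok", AUTH_LOG))  # same line with nullok
```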
