[Samba] Authenticating against samba passdb using PAM
"Jørgen P. Tjernø"
jorgen at devsoft.no
Mon Jul 14 16:03:49 GMT 2008
Hey!
I'm trying to get a web application I'm developing to authenticate
against the samba user database. As far as I can tell, what I have to do
is "simply" set up a PAM service that uses pam_smbpass.so, and then use
a PAM client library to authenticate against it.
For the second part, I found a Python example that authenticates against
a given PAM service, and it works fine when testing it on the passwd
service. (Default unix auth)
For the first part, I added this to /etc/pam.d/smbpw:
auth requisite pam_smbpass.so nodelay audit debug
When I try to authenticate, the python library tells me:
('Authentication failure', 7) and I get the following in /var/log/auth.log:
Jul 14 17:05:52 datamania python: pam_smbpass(smbpw:auth): username
[jorgenpt] obtained
Jul 14 17:05:53 datamania python: pam_smbpass(smbpw:auth): user jorgenpt
has null SMB password
Jul 14 17:05:53 datamania python: pam_smbpass(smbpw:auth): failed auth
request by root for service smbpw as jorgenpt
I know that my user does not have a null password; if I use the following:
smbclient -L //hostname
I get a password prompt. Attempting to use a blank password makes me
auth as Anonymous, using a wrong password gives me
NT_STATUS_LOGON_FAILURE and using the right password gives me the list.
pdbedit shows the following:
$ sudo pdbedit -wu jorgenpt
jorgenpt:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:<My hash>:[U
]:LCT-487B5ECE:
If I set nullok in /etc/pam.d/smbpw, the PAM library doesn't ask me for
a password and automatically authenticates me.
So, anyone have any tips on this? Perhaps know why pam_smbpass thinks I
have a null password?
I use passdb backend = tdbsam and encrypt passwords = true, and the PAM
library is running as root.
--
Kindest regards, Jørgen P. Tjernø
More information about the samba
mailing list