[Samba] pam_smbpass.so passdb.tdb support

Kandukuru_Suresh at emc.com Kandukuru_Suresh at emc.com
Sun Jul 4 22:59:28 MDT 2010

Dear Volker,
  We are facing problem with tdbsam support  for pam_smbpass  in samba.
 Below is the email conversion with John T . 
 and I have created a bug at
https://bugzilla.samba.org/show_bug.cgi?id=7546 .
 I think we have to use tdbsam for our NAS device.
 Can you help us on this?.


-----Original Message-----
From: Kandukuru, Suresh 
Sent: Saturday, July 03, 2010 9:02 PM
To: 'jht at samba.org'
Subject: RE: [Samba] pam_smbpass.so passdb.tdb support

Thanks John, Created bug at

Thanks again.

-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org] 
Sent: Saturday, July 03, 2010 7:56 PM
To: Kandukuru, Suresh
Cc: samba at lists.samba.org
Subject: Re: [Samba] pam_smbpass.so passdb.tdb support

On 07/03/2010 08:50 AM, Kandukuru_Suresh at emc.com wrote:
> Dear JHT,
>   Thanks for the quick reply.in
> http://www.samba.org/samba/history/samba-3.4.0.html .
> Samba team is recommending to use tdbsam.

Not just recommending - it is the default now.  The smbpasswd file can
not contain the information needed to fully support current MS Windows
clients.  The result is the smbpasswd format storage of MS Windows
networking credentials has been obsoleted.

> just wanted to know one thing,
> from samba 3.4 default backend  has been changed to tdbsam , why for
> of the module "pam_smbpass" in samba code is still looking for
> in smbpasswd?.is there any patch for that?. 

The pam_smbpasswd module has not been updated because noone has
contributed the necessary patches.  The tdbsam backend has been
available since September 2003, so my take on this is that VERY few
people use pam_smbpasswd.  If more were using it, someone might by now
have done something about the lack of support for tsbsam (and ldapsam
for that matter) in the pam_smbpasswd module.

> will this be removed in higher versions of samba than > 3.4?

Probably. Why don't you file a bug report on https://bugzilla.samba.org
? - that is the only way you might get action on this.

> I find several people asking the question on net.did not find any
> answer.anticipating your reply.

Sorry to disappoint you.

John T.

> Configuration changes
> =====================
> !!! ATTENTION !!!
> The default passdb backend has been changed to 'tdbsam'! That breaks
> existing
> setups using the 'smbpasswd' backend without explicit declaration!
> Please use
> 'passdb backend = smbpasswd' if you would like to stick to the
> 'smbpasswd'
> backend or convert your smbpasswd entries using e.g. 'pdbedit -i
> smbpasswd -e
> tdbsam'.
> The 'tdbsam' backend is much more flexible concerning per user
> like 'profile path' or 'home directory' and there are some commands
> which do not
> work with the 'smbpasswd' backend at all.
> -------------------------
> Thanks
> Suresh
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of John H Terpstra
> Sent: Saturday, July 03, 2010 6:31 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] pam_smbpass.so passdb.tdb support
> On 07/03/2010 05:29 AM, Kandukuru_Suresh at emc.com wrote:
>> Hi,
>>   Recently I have installed samba 3.4.8 on  my device. Since  then
>> (vsftp,proftpd)   which is taking users from samba database with
>> pam_smbpass.so is not working. After enabling  detailed log I have
>> noticed it is looking for the passwords in  smbpasswd
>> (/etc/samba/private) which is of zero size . I think all users passwd
>> are located in passwd.tdb.I could fix this by giving "passdb
>> backend=smbpasswd" .
>> somewhere I read smbpasswd is obsolete , and recommended to use
>> ..
>> and /etc/pam.d/ftp file is 
>> ---------------------
>> root at storage:/# cat /etc/pam.d/ftp
>> auth       required     /lib/security/pam_smbpass.so
>> account    required     /lib/security/pam_nologin.so
>> account    required     /lib/security/pam_smbpass.so
>> password   required     /lib/security/pam_smbpass.so
>> session    required     /lib/security/pam_unix.so
>> -------------------
>> How can I tell pam_smbpass module to use passdb.tdb (tdbsam) .?.
> Please
>> tell me I have been trying for last 2 days. Did  not find anything.
> You can not do that without changing the pam_smbpasswd code. This
> specifically operates against the smbpasswd file.
> -John T.

More information about the samba mailing list