[Samba] pam_smbpass.so on AIX
abartlet at samba.org
Fri Jan 18 14:35:05 MST 2013
On Fri, 2013-01-18 at 19:20 +0000, Benjamin Huntsman wrote:
> Yet another odd one...
> I've got it set up now so that swat uses pam_smbpass.so, and once a user logs into swat at least once, it'll update their password in the passdb backend configured for Samba. But, I also need to ensure that when a user changes their password via passwd, it also gets updated. I added the following in /etc/security/login.cfg:
> auth_type = PAM_AUTH
> and that makes telnetd, passwd, etc all go through pam.
> However, when I try to log in via telnet or run passwd, I get this in syslog.log:
> Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /usr/lib/security/pam_aix
> Jan 18 10:59:06 systst auth|security:debug login PAM: load_function: successful load of pam_sm_authenticate
> Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /opt/samba-4.0.0/lib/security/pam_smbpass.so
> Jan 18 10:59:06 systst auth|security:debug login PAM: open_module: /opt/samba-4.0.0/lib/security/pam_smbpass.so failed: A file or directory in the path name does not exist.
> Jan 18 10:59:06 systst auth|security:err|error login PAM: load_modules: can not open module /opt/samba-4.0.0/lib/security/pam_smbpass.so
> However, if I run swat, it'll load /opt/samba-4.0.0/lib/security/pam_smbpass.so just fine. No, it's not a typo, and yes, the module is present in that path.
> I don't know what to do. I need to deploy this tomorrow (Saturday), and the users need to be able to update their Samba passwords when they run passwd, etc. Replacing the system passwd program with a script that calls both from absolute paths is not a workable solution, though technically it would work.
> Anyway, any idea why swat can load pam_smbpass.so but not telnetd or passwd?
Run ldd on the binary. it will show the unresolved library references.
My guess is that things it relies on, are on in the standard library
path for the system. Perhaps edit /etc/ld.so.conf to put
opt/samba-4.0.0/lib in that path?
Normally all that isn't required (we use -rpath when linking), but
perhaps that's working for our binaries (eg swat), but not our plugins
when loaded by telnet?
Anyway, that's how I would start debugging this.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba