[Samba] Samba Hylafax PAM

Marcel Ebbrecht m.ebbrecht at dortmundit.de
Mon Jan 25 18:54:29 UTC 2016 

Hi Louis,

I gave it another shot - but without success.

System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

I got a Samba4 AD DC and use winbind or pam_ldapd on many servers
successfully. On the specific machine (asterisk with hylafax and
iaxmodem - works like a charm) pam works - I can switch to a different
user, login by ssh with ad users a.s.o. - everything works, except
hylafax auth :(

I can also login with user created with hylafax itself. But when I put

auth required    pam_access.so
auth            sufficient              pam_ldap.so
account         sufficient              pam_ldap.so
password        sufficient              pam_ldap.so

in /etc/pam.d/hylafax, I get

Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth):
conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth):
conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): failed to
get password: Authentication token manipulation error

Same result with winbind and classic pam_ldap without nslcd :(

I dont want to spam you - what kind information do you want :)

Greetings :)

Marcel

Am 18.01.2016 um 11:48 schrieb L.P.H. van Belle:
> Hai, > > I dont have hylafax running atm, but can you check for the
following. > > /etc/pam.d/common-account/password/session .. etc.  and
pam_ldap > > Look for any : minimum_uid=1000  if you see that, remove
"minimum_uid=1000" > And whats the UID for user : hylafax > > After the
changes, > stop nslcd. > Restart samba > Restart hylafax > > If needed
reboot the server. > And check again. > > This is the first and only i
can think of, it would be handy if above does not work, you share some
more info of your config. > > > Greetz, > > Louis > > > >>
-----Oorspronkelijk bericht----- >> Van: samba
[mailto:samba-bounces at lists.samba.org] Namens Marcel Ebbrecht >>
Verzonden: maandag 18 januari 2016 10:15 >> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Samba Hylafax PAM >> >>
> Hi,
>
> I posted this also on hylafax list - maybe here is someone with a hint.
>
>
> System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
> 0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
> sernet-samba-*-4.2.7-8
>
> After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
> auth users anymore in Hylafax, everything else works. All on Debian
> Jessie.
>
> Strace:
> 11:30:44.510380 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
> <0.000066>
> 11:30:44.510592 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
> <0.000041>
> 11:30:44.510875 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): failed to get password: Authentication token
> manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>
>
> To shorten my mail: Is there anyone out there who made it? I mean
> authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
> pam_winbind, ... everything (ssh local login, ...) works, except hylafax.
>
> Any hints?
>
> Greetings
>
> Marcel
>
>> >> >> -- >> To unsubscribe from this list go to the following URL and
read the >> instructions:  https://lists.samba.org/mailman/options/samba
> > >

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160125/8ca1b65f/signature.sig>

More information about the samba mailing list