[Samba] Samba Hylafax PAM

L.P.H. van Belle belle at bazuin.nl
Tue Jan 26 10:56:58 UTC 2016 

O, try the following. 

 

Test this first. 

ldd /usr/sbin/hfaxd

 if you getting libpam.so..  something, then hylafax is compiled with pam support. 

 

Next, 

 

apt-get install libpam-ldap   ( just to be sure, i do believe you have installed it already ) 

 

create the file :  

/etc/pam.d/hylafax 

Add : 

 

auth         required       pam_ldap.so

account   required       pam_ldap.so

session    required       pam_ldap.so

 

and check the content of : 

 

/etc/pam_ldap.conf

And this as example adjust as needed. 

 

base dc=domain,dc=local

uri ldap://dc01.domain.local/ ldap://dc02.domain.local/

ldap_version 3

binddn auth_ldap_user at domain.local

bindpw password

rootbinddn auth_ldap_user at domain.local

pam_filter objectclass=user

pam_login_attribute sAMAccountName

pam_password crypt

 

^^ test with and without the pam_password crypt 

And test with 

pam_password bind  

 

 

Greetz, 

 

Louis

 

 


Van: Marcel Ebbrecht [mailto:m.ebbrecht at dortmundit.de] 
Verzonden: maandag 25 januari 2016 19:54
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba Hylafax PAM


 

Hi Louis,

I gave it another shot - but without success. 

System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

I got a Samba4 AD DC and use winbind or pam_ldapd on many servers successfully. On the specific machine (asterisk with hylafax and iaxmodem - works like a charm) pam works - I can switch to a different user, login by ssh with ad users a.s.o. - everything works, except hylafax auth :(

I can also login with user created with hylafax itself. But when I put 

auth required    pam_access.so
auth            sufficient              pam_ldap.so
account         sufficient              pam_ldap.so
password        sufficient              pam_ldap.so

in /etc/pam.d/hylafax, I get 

Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): failed to get password: Authentication token manipulation error

Same result with winbind and classic pam_ldap without nslcd :(

I dont want to spam you - what kind information do you want :)

Greetings :)

Marcel

Am 18.01.2016 um 11:48 schrieb L.P.H. van Belle:
> Hai, 

> 

> I dont have hylafax running atm, but can you check for the following. 

> 

> /etc/pam.d/common-account/password/session .. etc.  and pam_ldap

> 

> Look for any : minimum_uid=1000  if you see that, remove "minimum_uid=1000" 

> And whats the UID for user : hylafax 

> 

> After the changes, 

> stop nslcd. 

> Restart samba 

> Restart hylafax

> 

> If needed reboot the server. 

> And check again. 

> 

> This is the first and only i can think of, it would be handy if above does not work, you share some more info of your config. 

> 

> 

> Greetz, 

> 

> Louis

> 

> 

> 

>> -----Oorspronkelijk bericht-----

>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcel Ebbrecht

>> Verzonden: maandag 18 januari 2016 10:15

>> Aan: samba at lists.samba.org

>> Onderwerp: [Samba] Samba Hylafax PAM

>> 

>>



Hi,

I posted this also on hylafax list - maybe here is someone with a hint.


System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
auth users anymore in Hylafax, everything else works. All on Debian
Jessie.

Strace:
11:30:44.510380 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000066>
11:30:44.510592 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000041>
11:30:44.510875 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): failed to get password: Authentication token
manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>

To shorten my mail: Is there anyone out there who made it? I mean
authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
pam_winbind, ... everything (ssh local login, ...) works, except hylafax.

Any hints?

Greetings

Marcel

>> 

>> 

>> --

>> To unsubscribe from this list go to the following URL and read the

>> instructions:  https://lists.samba.org/mailman/options/samba

> 

> 

> 

More information about the samba mailing list