[Samba] Broken pipe when using ssh with pam_smbpass.so migrate

Simon Nagl simonnagl at aim.com
Fri Mar 4 20:19:35 UTC 2016

Hello again,

today I tried to debug the problem myself.
After downloading the source code I noticed that pam_smbpass is actually outdated.
It is removed with samba version 4.4 which I am actually not using. 

I found the reason for that in commit the commit message:
> commit 3c00e8d76a2ef6194a8ce522c15853e5b8e9262b
> Author: Andrew Bartlett <abartlet at samba.org>
> Date:   Sat Oct 10 08:45:41 2015 +1300
>     pam_smbpass: REMOVE this PAM module
>     This pam module causes GPLv3, thread-unsafe Samba code to be directly loaded
>     into the address space of many system services.  The code in question was not
>     expected to run in this context, and while using the Samba, rather than the system
>     password file is a admirable goal, this needs to be done over inter-process
>     communication, such as is done by pam_winbind.
>     pam_winbind is not a total replacement, as the migrate functionality used
>     to keep the Samba password up to date with the system password is not
>     present, but otherwise can provide essentially the same services.
>     Andrew Bartlett
>     Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>     Reviewed-by: Jeremy Allison <jra at samba.org>

Now I am wondering how to keep my samba and unix accounts in sync.
My goal is having one account for ssh and samba-login on one server while keeping the configuration as simple as possible.

Is it possible to use winbindd and the corresponding pam module to authenticate against the samba user database without running a ad-dc?

Also I would offer to help making https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html better.
I am not sure where you discuss possible enhancements. Open a bug? At this mailing list?

Thank’s for your help,

More information about the samba mailing list