[Samba] pam_unix failing after pam_winbind when Samba is running in Standalone Server mode
Jöran Malek
joeran3 at gmail.com
Fri Aug 4 15:00:53 UTC 2023
Ah, didn't thought about that.
So, scenario is as follows:
I want to create a homebrew NAS system, which I don't have to
synchronize passwords with each and every additional sharing service I
add (webdav, sftp, ftp, nfs, smb) but use existing infrastructure
(PAM) to perform this.
Up until 2014 there was pam_smbpass which allowed PAM to authenticate
against the Samba passdb, performing this service: I can create a
dummy unix user, add that to smbpasswd and login with these
credentials to my local system.
Now that pam_smbpass is deprecated and removed - pam_winbind should be
the drop-in replacement which, as far as I read from that bug ticket,
should allow smbpasswd authentication of unix users, if the smb server
is running in standalone mode.
If I'm not mistaken, the patch mentioned in that ticket is around this place:
https://gitlab.com/samba-team/samba/-/blob/samba-4.17.9/source3/winbindd/winbindd_util.c?ref_type=tags#L1576
Which has a check for standalone role:
https://gitlab.com/samba-team/samba/-/blob/samba-4.17.9/source3/winbindd/winbindd_util.c?ref_type=tags#L1527
So as shown in the syslog pam_winbind is able to find and authenticate
the user, but the user passed on to pam_unix has the netbios name
attached, which causes it to fail (and not find the username).
As the conversation in that ticket progresses, I don't know whether
the off-tracker converstation had any success.
I really don't want to run a directory service just for logging in three users.
Best,
Jöran Malek
More information about the samba
mailing list