samba - Sep 1997 - PAM and SAMBA

On 15 Sep 1997, Johnie Stafford wrote:
> 
> I'm trying to use samba with a win95 box and Red Hat 4.2. I have the
> default pam config files for samba:
> 
> #%PAM-1.0
> auth       required	/lib/security/pam_pwdb.so shadow nullok
> account    required	/lib/security/pam_pwdb.so
> 
> 
> When ever win95 tries to authenticate I get the following in the logs:
> 
> Sep 15 17:37:17 olympus PAM_pwdb[4224]: 1 authentication failure; (uid=0)
-> jms for samba service
> 
> Any idea what I'm doing wrong? I'm new to PAM and I'm lost.
This may not be a PAM issue at all.

Can you authenticate on the Linux box using smbclient? If so, then it
isn't likely to be a PAM issue per se.

New releases of win95 are shipped with "encrypted passwords" enabled
by
default. If encrypted passwords are used, then samba keeps its own
authentication database and doesn't use /etc/passwd. You will need to grab
a des library and compile that into samba. Look in ENCRYPTION.txt which
comes with the samba source for details.

If you don't want to teach samba how to deal with encrypted passwords,
there is a registry entry which tells win95 not to use them. Either  look
up the samba web pages and mailing list archives, or look at the doco
which comes with the latest version of samba.

BTW, I'm pretty sure that samba authentication against encrypted passwords
doesn't use PAM at all. If someone developed a suitable module, it could
be, and that would let you do some other PAM stuff as well. I don't know
whether it would be worth the effort though. 

Charlie Brady - Telstra  |internet: cbrady@ind.tansu.com.au
Network Products         |Snail    : Locked Bag 6581, GPO Sydney 2001 Australia
Platform Technologies    |Physical : Lvl 2, 175 Liverpool St, Sydney 2000
 IN-Sub Unit - Sydney    | Phone: +61 2 9206 3470 Fax: +61 2 9281 1301

On Tue, 16 Sep 1997, Charlie Brady wrote:
> 
> On 15 Sep 1997, Johnie Stafford wrote:
> 
> > 
> > I'm trying to use samba with a win95 box and Red Hat 4.2. I have
the
> > default pam config files for samba:
> > 
> > #%PAM-1.0
> > auth       required	/lib/security/pam_pwdb.so shadow nullok
> > account    required	/lib/security/pam_pwdb.so
> > 
> > 
> > When ever win95 tries to authenticate I get the following in the logs:
> > 
> > Sep 15 17:37:17 olympus PAM_pwdb[4224]: 1 authentication failure;
(uid=0) -> jms for samba service
> > 
> > Any idea what I'm doing wrong? I'm new to PAM and I'm
lost.
> 
 
> If you don't want to teach samba how to deal with encrypted passwords,
> there is a registry entry which tells win95 not to use them. Either  look
> up the samba web pages and mailing list archives, or look at the doco
> which comes with the latest version of samba.
in the docs directory, there are two .reg files.  one is for NT, the 
other for w95.  dubbl-click on dem and dey get loaded into the registry.

 
> BTW, I'm pretty sure that samba authentication against encrypted
passwords
> doesn't use PAM at all. If someone developed a suitable module, it
could
> be, and that would let you do some other PAM stuff as well. I don't
know
> whether it would be worth the effort though. 
oh, yeh - it would.  it would make other unix vendors aware of the 
advantages of PAM.


Luke Kenneth Casson Leighton (lkcl@switchboard.net)
"Deal with difficult problems while they are still easy"