Hello everybody,
First of all excuse me if this is a stupid question.
I have samba-1.9.17p4 running on a 2.0.31 Linux box with PAM (based on
the RedHat 4.2 distrib). Everything is OK except that all of the smbd
processes belong to root. I am used to samba on AIX (for along time)
where all smbd's belong to their respective pc user.
my syslog is filled up with :
Nov 3 07:03:21 lyloo PAM_pwdb[2544]: 1 authentication failure; (uid=0) ->
user for samba service
I am a PAM zero so can anyone explain this ?
TIA
--
_
David PAQUET email : paquet@seac.pf __\ /\
System Coconut phone : +689 861214 / _\|__
fax : +689 861019 //o\\ \
| \\
Civil Aviation ||
TAHITI - French Polynesia ________________________________/ \
> Date: Mon, 3 Nov 1997 17:14:44 -1000 > From: paquet@seac.pf > Subject: PAM question > > I have samba-1.9.17p4 running on a 2.0.31 Linux box with PAM (based on > the RedHat 4.2 distrib). Everything is OK except that all of the smbd > processes belong to root. I am used to samba on AIX (for along time) > where all smbd's belong to their respective pc user. > > my syslog is filled up with : > > Nov 3 07:03:21 lyloo PAM_pwdb[2544]: 1 authentication failure; (uid=0) -> user for samba serviceDid you enable PAM support in the Makefile when you compiled samba? That works fine on my RH 4.2 system. If you did, and it didn't work, try using the stock RedHat samba RPM that comes with the 4.2 distribution. Can users log into the server with telnet or ftp? If not, you have a more severe PAM problem! Peter ----- Peter H. Lemieux, President mailto:phl@cyways.com cyways, inc. http://www.cyways.com 203 Arlington Street Voice: (800) 5-cyways Watertown, Massachusetts 02172-2036 USA +1 (617) 924-7991
Hello people, Maybe a simple question, but I can't find any info on the list or the manpages about this. I am using the latest samba_2_2 cvs code in linux with winbind working perfectly. The samba server will act as a file/print server, so the users just need to be authenticated by the NT PDC. The winbind manpage says to add these entries in /etc/pam.d/* auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth required /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_winbind.so My question is exactly which file is this '*' in my case. Which one(s) should be added/changed in /etc/pam.d? I tried adding a 'samba' file with these entries as well as using a 'passwd' file with the same entries and both work. I'd just like to know which one am I supposed to use, or maybe another one. Thanks! Cheers Gustavo
Hello Gustavo You need to change the pam files of the services you want to auth using winbindd. For example if you want to allo users to login using telnet, you need to change the '/etc/pam.d/login' file. If you are using RedHat linux there is a system-auth file that is used by all services. I modified this file because I wanted to auth all services using winbind (my modification to this file is posted in a thread called 'Winbindd -- before I send a bug report'). Test your service while you are logged in the console, because if you modify a file you are using to log in (login, sshd) and there is a problem with winbind, you wont be able to log in again. Rogelio J. Baucells -----Original Message----- From: Michels, Gustavo [EES/BR] [mailto:gustavo.michels@emersonenergy.com] Sent: Monday, September 17, 2001 10:28 AM To: samba@lists.samba.org Subject: Pam question Hello people, Maybe a simple question, but I can't find any info on the list or the manpages about this. I am using the latest samba_2_2 cvs code in linux with winbind working perfectly. The samba server will act as a file/print server, so the users just need to be authenticated by the NT PDC. The winbind manpage says to add these entries in /etc/pam.d/* auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth required /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_winbind.so My question is exactly which file is this '*' in my case. Which one(s) should be added/changed in /etc/pam.d? I tried adding a 'samba' file with these entries as well as using a 'passwd' file with the same entries and both work. I'd just like to know which one am I supposed to use, or maybe another one. Thanks! Cheers Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Hello Rogelio, I found your post in the thread you mentioned, but I haven't applied the changes. I was about to use your system-auth file, but as I was deleting /etc/pam.d/samba and restoring /etc/pam.d/passwd to its original, I noticed samba and winbind still worked correctly, even without any changes in the pam files. I am sure all files there are as they were when the server was first installed. But how is samba stil working, if the pam files does not contain any references to libnss_winss.so or pam_winbind.so? Another thing I noticed, logging in via telnet with a local linux user is taking much longer and if I stop the winbind daemon, telnet logins are as fast as they should be. Can you reproduce the same scenario I have here? I am using the latest samba_2_2 cvs source code, maybe there are some changes there... Cheers Gustavo -----Original Message----- From: Rogelio J. Baucells [mailto:rogelio@ats-corp.com] Sent: segunda-feira, 17 de setembro de 2001 12:09 To: samba@lists.samba.org Subject: RE: Pam question Hello Gustavo You need to change the pam files of the services you want to auth using winbindd. For example if you want to allo users to login using telnet, you need to change the '/etc/pam.d/login' file. If you are using RedHat linux there is a system-auth file that is used by all services. I modified this file because I wanted to auth all services using winbind (my modification to this file is posted in a thread called 'Winbindd -- before I send a bug report'). Test your service while you are logged in the console, because if you modify a file you are using to log in (login, sshd) and there is a problem with winbind, you wont be able to log in again. Rogelio J. Baucells -----Original Message----- From: Michels, Gustavo [EES/BR] [mailto:gustavo.michels@emersonenergy.com] Sent: Monday, September 17, 2001 10:28 AM To: samba@lists.samba.org Subject: Pam question Hello people, Maybe a simple question, but I can't find any info on the list or the manpages about this. I am using the latest samba_2_2 cvs code in linux with winbind working perfectly. The samba server will act as a file/print server, so the users just need to be authenticated by the NT PDC. The winbind manpage says to add these entries in /etc/pam.d/* auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth required /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_winbind.so My question is exactly which file is this '*' in my case. Which one(s) should be added/changed in /etc/pam.d? I tried adding a 'samba' file with these entries as well as using a 'passwd' file with the same entries and both work. I'd just like to know which one am I supposed to use, or maybe another one. Thanks! Cheers Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba