Since I now have something which at least pretends to work, I suppose an
announcement is in order.
Those among you who track samba development are probably aware that samba
1.9.18p4 includes support for synchronising a unix database when changing
an SMB password. I'm currently working on a PAM module which will provide
similar functionality for all applications compiled with PAM support:
pam_smbpass. This authentication/password module uses local function
calls to query and/or update a samba-style SMB password file, and is
readily stackable. pam_smbpass provides similar functionality as would be
achieved via the smb_crypt module by Tom Ryan and smbd's new remote
password-changing routines, but offers the additional advantage of being
able to remove the authentication/encryption routines from the samba suite
itself in favor of the more flexible PAM interface.
Although this module is capable of serving as an authentication module, it
comes with a caveat: the present implementation will only handle as valid
input plaintext passwords. Consequently, it combines the disadvantages of
traditional unix models (plaintext passwords on the network) with those of
the NT password model (plaintext passwords on the hard drive). In the
near future, I intend to revise the module to support authentication via
hashed passwords.
In the meantime, I welcome anyone who's interested to kick pam_smbpass
around. It's available for download from
ftp://ftp.netexpress.net/pub/pam/ in either tar.gz or RedHat rpm format.
Kick it around, let me know if you find any bugs.. It's so far withstood
everything I've thrown at it, but there's nothing like putting it on the
open network to turn up coding errors. :)
-Steve Langasek
vorlon@netexpress.net / vorlon@dodds.net
-doink-
Matt, With respect to your querry regarding PAM authentication samba checks only for the "auth" and "account" parameters. This means we check that the user is allowed to log on and has a user account on the system. It would be trivial to extend this if anyone feels this is warranted. Cheers, John H Terpstra Samba-Team
Hie all, We have a problem with our samba configuration : - We use a samba server running under solaris, - Our clients can either be running solaris, windows or linux - Our Solaris (and linux) clients use the NIS identification mecanism. We would like that when a user changes its password on a Solaris (or linux) client, the password is changed both in the nis passwd database and in the smbpasswd database. This is currently working for Solaris clients : We use PAM (we added the following line : "other password required /usr/lib/security/pam_smb_passwd.so") + /usr/lib/security/pam_smb_passwd.so The problem is that our pam_smb_passwd.so file is a old version we got from an old samba server. Moreover it is compiled for Solaris. We would like to compile it, in order to have a new version for Solaris, and to have a version for linux. But I cannot identified neither the source files for this module nor the way I should compile it. - Which module is the right one? pam_smbpass? pam_smb? any other? - Where might I get it? - Is there any trick to compile it? Thanks for your help -- Matthieu EXBRAYAT Maitre de Conference / Associate Professor LIFO, Universite d'Orleans, France Tel: +33 2 38 41 72 34 Fax: +33 2 38 41 71 37
Matthieu Exbrayat wrote:> > Hie all, > > We have a problem with our samba configuration : > - We use a samba server running under solaris, > - Our clients can either be running solaris, windows or linux > - Our Solaris (and linux) clients use the NIS identification mecanism. > > We would like that when a user changes its password on a Solaris (or > linux) client, > the password is changed both in the nis passwd database and in the > smbpasswd database. > > This is currently working for Solaris clients : We use PAM > (we added the following line : "other password required > /usr/lib/security/pam_smb_passwd.so") > + /usr/lib/security/pam_smb_passwd.so > > The problem is that our pam_smb_passwd.so file is a old version we got > from an old samba server. Moreover it is compiled for Solaris. > We would like to compile it, in order to have a new version for Solaris, > and to have a version for linux. > But I cannot identified neither the source files for this module nor the > way I should compile it. > > - Which module is the right one? pam_smbpass? pam_smb? any other? > - Where might I get it? > - Is there any trick to compile it?./configure --with-pam_smbpass in the latest Samba 2.2 or 3.0 version (I think its working in both). Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
hi, i've tried to get my samba usernames and passwords in sync with samba's support for pam. the pam module has been compiled and samba has been compiled with pam support. as i understand, the pam module keeps the usernames and password in sync. but i just can't get it to work. anyone tried this before and got it to work? i tried the examples pam config files. but somewhere im making a mistake or missing something. thanks, adriaan