Since I now have something which at least pretends to work, I suppose an announcement is in order.

Those among you who track samba development are probably aware that samba 1.9.18p4 includes support for synchronising a unix database when changing an SMB password. I'm currently working on a PAM module which will provide similar functionality for all applications compiled with PAM support: pam_smbpass. This authentication/password module uses local function calls to query and/or update a samba-style SMB password file, and is readily stackable.

pam_smbpass provides similar functionality as would be achieved via the smb_crypt module by Tom Ryan and smbd's new remote password-changing routines, but offers the additional advantage of being able to remove the authentication/encryption routines from the samba suite itself in favor of the more flexible PAM interface.

Although this module is capable of serving as an authentication module, it comes with a caveat: the present implementation will only handle as valid input plaintext passwords. Consequently, it combines the disadvantages of traditional unix models (plaintext passwords on the network) with those of the NT password model (plaintext passwords on the hard drive). In the near future, I intend to revise the module to support authentication via hashed passwords.

In the meantime, I welcome anyone who's interested to kick pam_smbpass around. It's available for download from ftp://ftp.netexpress.net/pub/pam/ in either tar.gz or RedHat rpm format.

Kick it around, let me know if you find any bugs.. It's so far withstood everything I've thrown at it, but there's nothing like putting it on the open network to turn up coding errors. :)

-Steve Langasek
vorlon@netexpress.net / vorlon@dodds.net
-doink-

Matt,

With respect to your query regarding PAM authentication, samba checks only for the "auth" and "account" parameters. This means we check that the user is allowed to log on and has a user account on the system.

It would be trivial to extend this if anyone feels this is warranted.

Cheers,
John H Terpstra
Samba-Team

Hi all,

We have a problem with our samba configuration:
- We use a samba server running under solaris,
- Our clients can either be running solaris, windows or linux
- Our Solaris (and linux) clients use the NIS identification mechanism.

We would like that when a user changes their password on a Solaris (or linux) client, the password is changed both in the nis passwd database and in the smbpasswd database.

This is currently working for Solaris clients: We use PAM (we added the following line: "other password required /usr/lib/security/pam_smb_passwd.so") + /usr/lib/security/pam_smb_passwd.so

The problem is that our pam_smb_passwd.so file is an old version we got from an old samba server. Moreover it is compiled for Solaris. We would like to compile it, in order to have a new version for Solaris, and to have a version for linux. But I cannot identify either the source files for this module or the way I should compile it.

- Which module is the right one? pam_smbpass? pam_smb? any other?
- Where might I get it?
- Is there any trick to compile it?

Thanks for your help

--
Matthieu EXBRAYAT
Maitre de Conference / Associate Professor
LIFO, Universite d'Orleans, France
Tel: +33 2 38 41 72 34
Fax: +33 2 38 41 71 37

Matthieu Exbrayat wrote:
>
> Hi all,
>
> We have a problem with our samba configuration:
> - We use a samba server running under solaris,
> - Our clients can either be running solaris, windows or linux
> - Our Solaris (and linux) clients use the NIS identification mechanism.
>
> We would like that when a user changes their password on a Solaris (or
> linux) client,
> the password is changed both in the nis passwd database and in the
> smbpasswd database.
>
> This is currently working for Solaris clients: We use PAM
> (we added the following line: "other password required
> /usr/lib/security/pam_smb_passwd.so")
> + /usr/lib/security/pam_smb_passwd.so
>
> The problem is that our pam_smb_passwd.so file is an old version we got
> from an old samba server. Moreover it is compiled for Solaris.
> We would like to compile it, in order to have a new version for Solaris,
> and to have a version for linux.
> But I cannot identify either the source files for this module or the
> way I should compile it.
>
> - Which module is the right one? pam_smbpass? pam_smb? any other?
> - Where might I get it?
> - Is there any trick to compile it?

./configure --with-pam_smbpass

in the latest Samba 2.2 or 3.0 version (I think it's working in both).

Andrew Bartlett

--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
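
An added example, not part of any message in this thread and not Samba's code: a small Python check over a PAM password stack, in either the pam.conf layout quoted above or the Linux pam.d layout, that reports when the SMB password module is missing or placed where it cannot stay in sync. The sample stacks are constructed, and `pam_unix.so.1`, `pam_unix.so` and the options on the SMB lines are assumptions about the surrounding configuration.

```python
import os

TYPES = {"auth", "account", "password", "session"}
# Module file names mentioned in the thread.
SMB_MODULES = {"pam_smbpass.so", "pam_smb_passwd.so"}

def parse_pam(text):
    """Parse pam.d or pam.conf text into (service, type, control, module, args)."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # pam.conf lines carry a leading service name; pam.d files do not.
        service = None if fields[0] in TYPES else fields.pop(0)
        if len(fields) < 3 or fields[0] not in TYPES:
            continue  # @include lines and anything else this check does not model
        mtype, control, rest = fields[0], fields[1], fields[2:]
        while control.startswith("[") and not control.endswith("]") and rest:
            control += " " + rest.pop(0)  # rejoin "[success=1 default=ignore]"
        if rest:
            entries.append((service, mtype, control, os.path.basename(rest[0]), rest[1:]))
    return entries

def check_password_sync(text):
    """Return a list of findings, one per problem, for each password stack in text."""
    stacks = {}
    for service, mtype, control, module, args in parse_pam(text):
        if mtype == "password":
            stacks.setdefault(service or "(pam.d file)", []).append((control, module, args))
    if not stacks:
        return ["no password stack found"]
    findings = []
    for service, stack in stacks.items():
        smb = [i for i, entry in enumerate(stack) if entry[1] in SMB_MODULES]
        if not smb:
            findings.append(f"{service}: no SMB password module, smbpasswd is never updated")
        for i in smb:
            control, module, args = stack[i]
            if "use_authtok" in args and i == 0:
                findings.append(f"{service}: {module} has use_authtok but no earlier module supplies the new password")
            if control == "optional" and len(stack) > 1:
                findings.append(f"{service}: {module} is optional, a failed smbpasswd update is ignored")
    return findings

# Constructed samples: a Solaris-style pam.conf fragment and a misordered pam.d stack.
SOLARIS_CONF = ("other password required /usr/lib/security/pam_unix.so.1\n"
                "other password required /usr/lib/security/pam_smb_passwd.so\n")
LINUX_BROKEN = ("password required pam_smbpass.so nullok use_authtok\n"
                "password required pam_unix.so shadow\n")
```
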

hi,

i've tried to get my samba usernames and passwords in sync with samba's support for pam. the pam module has been compiled and samba has been compiled with pam support. as i understand, the pam module keeps the usernames and password in sync. but i just can't get it to work. anyone tried this before and got it to work? i tried the examples pam config files. but somewhere i'm making a mistake or missing something.

thanks,
adriaan