thr3ads.net - samba - [Samba] Samba Hylafax PAM [Jan 2016]

If this information is useful, please help other people find it:
Share via:

Marcel Ebbrecht

2016-Jan-18 09:14 UTC

[Samba] Samba Hylafax PAM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Hi,

I posted this also on hylafax list - maybe here is someone with a hint.


System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
auth users anymore in Hylafax, everything else works. All on Debian
Jessie.

Strace:
11:30:44.510380 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000066>
11:30:44.510592 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000041>
11:30:44.510875 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): failed to get password: Authentication token
manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>

To shorten my mail: Is there anyone out there who made it? I mean
authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
pam_winbind, ... everything (ssh local login, ...) works, except hylafax.

Any hints?

Greetings

Marcel

- -- 
Marcel Ebbrecht <m.ebbrecht at dortmundit.de>
e2 consulting UG (haftungsbeschraenkt)

Geschaeftssitz:
Rheinlanddamm 201
D-44139 Dortmund

Telefon: +49 231 39982051
Telefax: +49 231 44677897
Mobil: +49 160 90345852
Jabber: m.ebbrecht at dortmundit.de
Internet: https://www.dortmundit.de

Handelsregister Dortmund HRB 24666
Geschaeftsfuehrer: Marcel Ebbrecht
Steuernummer: 314/5723/1889
USTID: DE283203942

PKI: https://ssl.dortmundit.de:18016

AGB: http://agb.dortmundit.de

Diese E-Mail und moegliche Anhaenge enthalten vertrauliche
Informationen, die rechtlich besonders geschuetzt sein koennen. Wenn Sie
nicht der beabsichtigte Empfaenger bzw. Adressat dieser E-mail sind und
diese E-Mail etwa aufgrund eines technischen Fehlers oder eines
Versehens erhalten haben, informieren Sie uns bitte sofort und loeschen
Sie anschliessend die E-Mail. Das unbefugte Kopieren dieser E-Mail,
etwaiger Anhaenge sowie die unbefugte Weitergabe der enthaltenen
Informationen an Dritte ist nicht gestattet.

This e-mail message together with its attachments, if any, is
confidential and may contain information subject to legal privilege
(e.g. attorney-client-privilege). If you are not the intended recipient
or have received this e-mail in error, please inform us immediately and
delete this message. Any unauthorised copying of this message (and
attachments) or unauthorised distribution of the information contained
herein is prohibited.

Go Green! Print this email only when necessary.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJWnKz4AAoJEJZXnGDd3rHkpdgH/1OGcOodmX+2Qz/1H49p/Oo+
DEX3IpFOpd7bud5IaHb8/uPxbDlIMF6w4yCTUgXXRJSO8Kdlpi6CZXkG4nK7kzWc
iGxp3LSiocqA8td2Z3LRSgw7AT8F3zcEmAp/VwoeSh7txbmr6e70xJZMEwCuxY9u
91twajsY1E+PYRt8nvU+Y+atCLfv4jqL4FMTcA3ajJsdxgpD3urfdSRzZyPisbUm
b82Gm36GcMtPerRHNmhrPUbwr7KkP/PFH7ny2DPtfTaPwkDAEMwIrFiDt1FVAiTX
MAM3iTmy1B+tWbA15rGB5Cy+WrqaKSOG4Z5XNqlc+HzW79TGGQSmsbRJ+kxxx3U=musP
-----END PGP SIGNATURE-----

L.P.H. van Belle

2016-Jan-18 10:48 UTC

head link

[Samba] Samba Hylafax PAM

Hai, 

I dont have hylafax running atm, but can you check for the following. 

/etc/pam.d/common-account/password/session .. etc.  and pam_ldap

Look for any : minimum_uid=1000  if you see that, remove
"minimum_uid=1000"
And whats the UID for user : hylafax 

After the changes, 
stop nslcd. 
Restart samba 
Restart hylafax

If needed reboot the server. 
And check again. 

This is the first and only i can think of, it would be handy if above does not
work, you share some more info of your config.


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcel Ebbrecht
> Verzonden: maandag 18 januari 2016 10:15
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba Hylafax PAM
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hi,
> 
> I posted this also on hylafax list - maybe here is someone with a hint.
> 
> 
> System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
> 0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
> sernet-samba-*-4.2.7-8
> 
> After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
> auth users anymore in Hylafax, everything else works. All on Debian
> Jessie.
> 
> Strace:
> 11:30:44.510380 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
> <0.000066>
> 11:30:44.510592 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
> <0.000041>
> 11:30:44.510875 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): failed to get password: Authentication token
> manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>
> 
> To shorten my mail: Is there anyone out there who made it? I mean
> authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
> pam_winbind, ... everything (ssh local login, ...) works, except hylafax.
> 
> Any hints?
> 
> Greetings
> 
> Marcel
> 
> - --
> Marcel Ebbrecht <m.ebbrecht at dortmundit.de>
> e2 consulting UG (haftungsbeschraenkt)
> 
> Geschaeftssitz:
> Rheinlanddamm 201
> D-44139 Dortmund
> 
> Telefon: +49 231 39982051
> Telefax: +49 231 44677897
> Mobil: +49 160 90345852
> Jabber: m.ebbrecht at dortmundit.de
> Internet: https://www.dortmundit.de
> 
> Handelsregister Dortmund HRB 24666
> Geschaeftsfuehrer: Marcel Ebbrecht
> Steuernummer: 314/5723/1889
> USTID: DE283203942
> 
> PKI: https://ssl.dortmundit.de:18016
> 
> AGB: http://agb.dortmundit.de
> 
> Diese E-Mail und moegliche Anhaenge enthalten vertrauliche
> Informationen, die rechtlich besonders geschuetzt sein koennen. Wenn Sie
> nicht der beabsichtigte Empfaenger bzw. Adressat dieser E-mail sind und
> diese E-Mail etwa aufgrund eines technischen Fehlers oder eines
> Versehens erhalten haben, informieren Sie uns bitte sofort und loeschen
> Sie anschliessend die E-Mail. Das unbefugte Kopieren dieser E-Mail,
> etwaiger Anhaenge sowie die unbefugte Weitergabe der enthaltenen
> Informationen an Dritte ist nicht gestattet.
> 
> This e-mail message together with its attachments, if any, is
> confidential and may contain information subject to legal privilege
> (e.g. attorney-client-privilege). If you are not the intended recipient
> or have received this e-mail in error, please inform us immediately and
> delete this message. Any unauthorised copying of this message (and
> attachments) or unauthorised distribution of the information contained
> herein is prohibited.
> 
> Go Green! Print this email only when necessary.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJWnKz4AAoJEJZXnGDd3rHkpdgH/1OGcOodmX+2Qz/1H49p/Oo+
> DEX3IpFOpd7bud5IaHb8/uPxbDlIMF6w4yCTUgXXRJSO8Kdlpi6CZXkG4nK7kzWc
> iGxp3LSiocqA8td2Z3LRSgw7AT8F3zcEmAp/VwoeSh7txbmr6e70xJZMEwCuxY9u
> 91twajsY1E+PYRt8nvU+Y+atCLfv4jqL4FMTcA3ajJsdxgpD3urfdSRzZyPisbUm
> b82Gm36GcMtPerRHNmhrPUbwr7KkP/PFH7ny2DPtfTaPwkDAEMwIrFiDt1FVAiTX
> MAM3iTmy1B+tWbA15rGB5Cy+WrqaKSOG4Z5XNqlc+HzW79TGGQSmsbRJ+kxxx3U> =musP
> -----END PGP SIGNATURE-----
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Marcel Ebbrecht

2016-Jan-25 18:54 UTC

head link

[Samba] Samba Hylafax PAM

Hi Louis,

I gave it another shot - but without success.

System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

I got a Samba4 AD DC and use winbind or pam_ldapd on many servers
successfully. On the specific machine (asterisk with hylafax and
iaxmodem - works like a charm) pam works - I can switch to a different
user, login by ssh with ad users a.s.o. - everything works, except
hylafax auth :(

I can also login with user created with hylafax itself. But when I put

auth required    pam_access.so
auth            sufficient              pam_ldap.so
account         sufficient              pam_ldap.so
password        sufficient              pam_ldap.so

in /etc/pam.d/hylafax, I get

Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth):
conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth):
conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): failed to
get password: Authentication token manipulation error

Same result with winbind and classic pam_ldap without nslcd :(

I dont want to spam you - what kind information do you want :)

Greetings :)

Marcel

Am 18.01.2016 um 11:48 schrieb L.P.H. van Belle:> Hai, > > I dont have hylafax running atm, but can you check for thefollowing. > > /etc/pam.d/common-account/password/session .. etc.  and
pam_ldap > > Look for any : minimum_uid=1000  if you see that, remove
"minimum_uid=1000" > And whats the UID for user : hylafax > >
After the
changes, > stop nslcd. > Restart samba > Restart hylafax > > If
needed
reboot the server. > And check again. > > This is the first and only i
can think of, it would be handy if above does not work, you share some
more info of your config. > > > Greetz, > > Louis > > >
>>
-----Oorspronkelijk bericht----- >> Van: samba
[mailto:samba-bounces at lists.samba.org] Namens Marcel Ebbrecht >>
Verzonden: maandag 18 januari 2016 10:15 >> Aan: samba at
lists.samba.org>> Onderwerp: [Samba] Samba Hylafax PAM >> >>
> Hi,
>
> I posted this also on hylafax list - maybe here is someone with a hint.
>
>
> System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
> 0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
> sernet-samba-*-4.2.7-8
>
> After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
> auth users anymore in Hylafax, everything else works. All on Debian
> Jessie.
>
> Strace:
> 11:30:44.510380 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
> <0.000066>
> 11:30:44.510592 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
> <0.000041>
> 11:30:44.510875 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
> pam_ldap(hylafax:auth): failed to get password: Authentication token
> manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>
>
> To shorten my mail: Is there anyone out there who made it? I mean
> authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
> pam_winbind, ... everything (ssh local login, ...) works, except hylafax.
>
> Any hints?
>
> Greetings
>
> Marcel
>
>> >> >> -- >> To unsubscribe from this list go to the
following URL andread the >> instructions: 
https://lists.samba.org/mailman/options/samba> > >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20160125/8ca1b65f/signature.sig>

L.P.H. van Belle

2016-Jan-26 10:56 UTC

head link

[Samba] Samba Hylafax PAM

O, try the following. 

 

Test this first. 

ldd /usr/sbin/hfaxd

 if you getting libpam.so..  something, then hylafax is compiled with pam
support.

 

Next, 

 

apt-get install libpam-ldap   ( just to be sure, i do believe you have installed
it already )

 

create the file :  

/etc/pam.d/hylafax 

Add : 

 

auth         required       pam_ldap.so

account   required       pam_ldap.so

session    required       pam_ldap.so

 

and check the content of : 

 

/etc/pam_ldap.conf

And this as example adjust as needed. 

 

base dc=domain,dc=local

uri ldap://dc01.domain.local/ ldap://dc02.domain.local/

ldap_version 3

binddn auth_ldap_user at domain.local

bindpw password

rootbinddn auth_ldap_user at domain.local

pam_filter objectclass=user

pam_login_attribute sAMAccountName

pam_password crypt

 

^^ test with and without the pam_password crypt 

And test with 

pam_password bind  

 

 

Greetz, 

 

Louis

 

 


Van: Marcel Ebbrecht [mailto:m.ebbrecht at dortmundit.de] 
Verzonden: maandag 25 januari 2016 19:54
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba Hylafax PAM


 

Hi Louis,

I gave it another shot - but without success. 

System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

I got a Samba4 AD DC and use winbind or pam_ldapd on many servers successfully.
On the specific machine (asterisk with hylafax and iaxmodem - works like a
charm) pam works - I can switch to a different user, login by ssh with ad users
a.s.o. - everything works, except hylafax auth :(

I can also login with user created with hylafax itself. But when I put 

auth required    pam_access.so
auth            sufficient              pam_ldap.so
account         sufficient              pam_ldap.so
password        sufficient              pam_ldap.so

in /etc/pam.d/hylafax, I get 

Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): conversation failed
Jan 25 08:28:40 voip1 HylaFAX[1560]: pam_ldap(hylafax:auth): failed to get
password: Authentication token manipulation error

Same result with winbind and classic pam_ldap without nslcd :(

I dont want to spam you - what kind information do you want :)

Greetings :)

Marcel

Am 18.01.2016 um 11:48 schrieb L.P.H. van Belle:> Hai, 
> 
> I dont have hylafax running atm, but can you check for the following. 
> 
> /etc/pam.d/common-account/password/session .. etc.  and pam_ldap
> 
> Look for any : minimum_uid=1000  if you see that, remove
"minimum_uid=1000"
> And whats the UID for user : hylafax 
> 
> After the changes, 
> stop nslcd. 
> Restart samba 
> Restart hylafax
> 
> If needed reboot the server. 
> And check again. 
> 
> This is the first and only i can think of, it would be handy if above does
not work, you share some more info of your config.
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcel
Ebbrecht
>> Verzonden: maandag 18 januari 2016 10:15
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Samba Hylafax PAM
>> 
>>


Hi,

I posted this also on hylafax list - maybe here is someone with a hint.


System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8

After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
auth users anymore in Hylafax, everything else works. All on Debian
Jessie.

Strace:
11:30:44.510380 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000066>
11:30:44.510592 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): conversation failed", 79, MSG_NOSIGNAL) = 79
<0.000041>
11:30:44.510875 send(2, "<83>Jan  9 11:30:44 HylaFAX[25657]:
pam_ldap(hylafax:auth): failed to get password: Authentication token
manipulation error", 123, MSG_NOSIGNAL) = 123 <0.000060>

To shorten my mail: Is there anyone out there who made it? I mean
authentication for hylafax against a Samba 4 DC ? I tried: pam_ldap,
pam_winbind, ... everything (ssh local login, ...) works, except hylafax.

Any hints?

Greetings

Marcel
>> 
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
>

Reasonably Related Threads

Search for more reasonably related threads

samba - Jan 2016 - Samba Hylafax PAM

[Samba] Samba Hylafax PAM

[Samba] Samba Hylafax PAM

[Samba] Samba Hylafax PAM

[Samba] Samba Hylafax PAM

Reasonably Related Threads