[Pkg-samba-maint] Bug#601667: libpam-smbpass migrate breaks su (squeeze)
Hanspeter Kunz
hkunz at ifi.uzh.ch
Tue Nov 23 15:13:02 UTC 2010
I am afraid, I was wrong. I realised that su is still broken when I
have
pam_smbpasswd migrate
in common-auth. The error I get (using both libnss/pam-ldap or
libnss/pam-ldapd) is:
unix_chkpwd[23220]: could not obtain user info (root)
Furthermore, and this is actually more annoying, I realised that for
users it is impossible to change their passwords (since a few days).
Doing "passwd" (also with both versions of libnss/pam-ldap[d]) I see in
the log:
passwd[13586]: pam_smbpass(passwd:chauthtok): Cannot access samba
password database, not running as root.
Note that I store passwords in LDAP (and the hash in userPassword is
updated correctly, but as the error suggests, sambaNTPassword is not).
Of course, this could be caused by a configuration error. But:
1. the same config (pam.d/*, smb.conf, ldap.conf) worked under lenny for
a long time
2. If I do "sudo passwd hkunz" the samba hash (in the LDAP) is set
correctly. In the syslog I see:
passwd[17781]: pam_smbpass(passwd:chauthtok): Unable to get uid for
user hkunz
passwd[17781]: pam_smbpass(passwd:chauthtok): password for (hkunz)
changed by (root/0)
I have the impression, that pam_smbpass drops the root privileges for
some reason, and cannot update the samba hash.
Thanks,
Hp
More information about the Pkg-samba-maint
mailing list