[Nottingham] samba/pam
Mike Cardwell
lug at blubbernet.com
Sat Jan 1 19:56:48 GMT 2005
Hi,
I am trying to get Samba to work with pam_mysql so when a user tries to
access a share, it authenticates them from a MySQL database. I have got it
to the point where connecting to samba and sending a username causes
pam_mysql to perform the sql query. I can see it happening in the
mysql.log, and it is definitely the correct query, but it *always* says
that I don't have permission to log in. I'm guessing this is a samba/pam
problem rather than MySQL. I was wondering if any of you chaps could give
me any advice.
I'm using Debian Sarge, Samba 3.0.10, and MySQL 4.
Here's my smb.conf. I'm guessing the problem lies in here:
#======================================================================
[global]
workgroup = NETWORK
server string = Upload
null passwords = no
encrypt passwords = No
update encrypted = No
[testshare]
comment = testshare
path = /home/testshare/%U
writeable = Yes
browseable = No
hide dot files = yes
guest ok = no
create mask = 0777
directory mask = 0777
root preexec = mkdir /home/testshare/%U &>/dev/null
#======================================================================
Here is my /etc/pam.d/samba file:
#======================================================================
@include common-auth
@include common-account
@include common-password
@include common-session
auth required pam_mysql.so user=USERNAME passwd=PASSWORD host=LOCALHOST db=DATABASE usercolumn=user_id crypt=2 passwdcolumn=password table=user
account required pam_mysql.so user=USERNAME passwd=PASSWORD host=LOCALHOST db=DATABASE usercolumn=user_id crypt=2 passwdcolumn=password table=user
password required pam_mysql.so user=USERNAME passwd=PASSWORD host=LOCALHOST db=DATABASE usercolumn=user_id crypt=2 passwdcolumn=password table=user
session required pam_mysql.so user=USERNAME passwd=PASSWORD host=LOCALHOST db=DATABASE usercolumn=user_id crypt=2 passwdcolumn=password table=user
#======================================================================
The password column in the database holds passwords that were encrypted
using the MySQL PASSWORD() function.
Here is the error message I get when trying to connect to it using
smbclient:
mike@server:~$ smbclient //localhost/testshare -U 2
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
Here is the error message from log.smbd:
[2005/01/01 19:55:32, 0] auth/pampass.c:smb_pam_passcheck(810)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User 2 !
My knowledge of samba isn't very good, so feel free to mock me if it's
something stupidly simple. ;)
Oh. This might be important. The users in the database are not unix users
on the system, nor can they be. They are users of a website that runs from
the server in question, and have usernames/passwords stored in a
database. I've not used PAM anywhere else.
--
Digital photo printing:
http://www.fotoserve.com/?affiliate_id=1093871459
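
Added example, not part of the original post: a simplified Python model of how PAM combines module results within one stack, applied to the `auth` lines of the /etc/pam.d/samba file above. The contents of `common-auth` are not shown in the post, so the single `pam_unix.so` line and the per-module results below are assumptions constructed for illustration.

```python
# Added example: simplified model of how libpam combines module results
# within one stack. Only the four classic control flags are modelled.
OK, FAIL = "PAM_SUCCESS", "PAM_AUTH_ERR"

# Assumption: common-auth is not shown in the post; one pam_unix line is assumed.
INCLUDES = {"common-auth": "auth required pam_unix.so nullok_secure\n"}

# The auth part of the posted /etc/pam.d/samba (module arguments shortened).
SAMBA_PAM = """\
@include common-auth
auth required pam_mysql.so usercolumn=user_id crypt=2 passwdcolumn=password
"""

# Constructed results for a user that exists in the database but not as a
# Unix account: pam_unix cannot find the user, pam_mysql accepts the password.
RESULTS = {"pam_unix.so": FAIL, "pam_mysql.so": OK}

def parse_stack(text, mgmt_type, includes):
    """Return [(control, module)] for one management type, expanding @include."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "@include":
            rules += parse_stack(includes[fields[1]], mgmt_type, includes)
        elif fields[0] == mgmt_type:
            rules.append((fields[1], fields[2]))
    return rules

def evaluate(rules, results):
    """Combine per-module results the way the control flags prescribe."""
    failed = succeeded = False
    for control, module in rules:
        ok = results[module] == OK
        if control == "requisite" and not ok:
            return FAIL                      # fail at once
        if control == "sufficient" and ok and not failed:
            return OK                        # succeed at once
        if control in ("required", "requisite"):
            failed = failed or not ok        # remembered, stack keeps running
            succeeded = succeeded or ok
    return OK if succeeded and not failed else FAIL

def verdict(pam_text):
    return evaluate(parse_stack(pam_text, "auth", INCLUDES), RESULTS)

if __name__ == "__main__":
    print("posted stack:", verdict(SAMBA_PAM))
```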