Hello again, I hope this list is not inappropriate for questions about pam-krb5. I am trying to set up a standalone Samba server that integrates (as well as possible) with our LDAP and Kerberos infrastructure. Obviously this is cumbersome and difficult with the current state of affairs in Samba (and a bit off-topic here). Using Kerberos 1.8.1 on Ubuntu 10.04.3.
On the Samba server I want to use pam-krb5 together with pam-smbpass so changing the password via Samba changes both the Kerberos and the Samba password. Unfortunately my tests don't work. Enabling debugging on the PAM modules I see this in the Samba server's auth.log when calling "smbpasswd -r" on a remote machine. pam_smbpass(samba:chauthtok): username [testuser] obtained pam_smbpass(samba:chauthtok): Located account for testuser pam_krb5(samba:chauthtok): pam_sm_chauthtok: entry (0xc000) pam_krb5(samba:chauthtok): (user testuser) attempting authentication as [email protected] pam_krb5(samba:chauthtok): (user testuser) error getting password: Conversation error pam_krb5(samba:chauthtok): pam_sm_chauthtok: exit (failure) pam_smbpass(samba:chauthtok): username [testuser] obtained pam_smbpass(samba:chauthtok): Located account for testuser pam_krb5(samba:chauthtok): pam_sm_chauthtok: entry (0xc000) pam_krb5(samba:chauthtok): (user testuser) attempting authentication as [email protected] pam_krb5(samba:chauthtok): (user testuser) error getting password: Conversation error pam_krb5(samba:chauthtok): pam_sm_chauthtok: exit (failure) Apparently pam-krb5 runs into a problem when being called from Samba. It works fine when called via the 'passwd' program and changing the Kerberos password in this way works correctly. The Kerberos server itself doesn't show anything in the logs, even with debugging enabled. I'd like to know what this error message by pam-krb5 means and how to debug this further, if possible. For reference, /etc/pam.d/samba looks like this: auth requisite pam_krb5.so debug auth optional pam_smbpass.so migrate debug account required pam_krb5.so debug password optional pam_smbpass.so nullok use_authtok try_first_pass debug password required pam_krb5.so use_authtok try_first_pass debug session required pam_krb5.so debug Thanks in advance, Andreas
signature.asc
Description: OpenPGP digital signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
