[Bug 1894899] Re: smbd with "obey pam restrictions" enabled unmounts my interactive users' ecryptfs home directory

Thu, 10 Sep 2020 13:36:11 -0700 

Thank you for reporting this, that was indeed a long bug description. I
read it entirely - so you don't think I skipped any detail on purpose,
If I did it was an accident - and the way I see this could be something
as simple as:

SAMBA upstream has:

obey pam restrictions = no (by default)

and, according to man page:

      obey pam restrictions (G)

           When Samba 3.0 is configured to enable PAM support (i.e. 
--with-pam), this parameter
           will control whether or not Samba should obey PAM's account and 
session management
           directives. The default behavior is to use PAM for clear text 
authentication only and
           to ignore any account or session management. Note that Samba always 
ignores PAM for
           authentication in the case of encrypt passwords = yes. The reason is 
that PAM modules
           cannot support the challenge/response authentication mechanism 
needed in the presence
           of SMB password encryption.

           Default: obey pam restrictions = no

but the default we have in Debian/Ubuntu is "true". I could not find a
specific reason to it.

----

>From PAM.. the only thing I could notice is this:

/etc/pam.d/samba includes:

@include common-auth
@include common-account
@include common-session-noninteractive

and the difference between non-interactive and interactive is this
setting:

session optional    pam_systemd.so

that interactive session includes (and non-interactive does not).

----

The "session" comes from session-noninteractive PAM configuration file.

(1)

What do you have in that file ? I wonder if you're getting some kind of
session timeout for your interactive and/or non interactive sessions.

(2)

What does it happen if you run sudo pam-auth-update and enables Unix
authentication only ?

Nevertheless, this does not seem like a bug (yet ?) to me, but a
misconfiguration.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1894899

Title:
  smbd with "obey pam restrictions" enabled unmounts my interactive
  users' ecryptfs home directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1894899/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to