I'm not sure if this is a bug with samba, a bug with the openldap libs or a bug with solaris PAM. Hopefully someone will be able to shed some light on the issue. Pam_smbpass compiled with either gcc or sun cc with freshly compiled openldap libs. pam.conf: other auth requisite pam_authtok_get.so.1 other auth required pam_unix_cred.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient pam_krb5.so.1 other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 other account required pam_krb5.so.1 other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password optional pam_smbpass.so use_first_pass other password sufficient pam_krb5.so.1 other password required pam_authtok_store.so.1 other session required pam_unix_session.so.1 Error: -bash-3.00$ passwd david.markey Password: Segmentation Fault Truss Attached. LDD of pam_smbpass: # ldd /usr/lib/security/pam_smbpass.so libthread.so.1 => /lib/libthread.so.1 libpam.so.1 => /lib/libpam.so.1 libsendfile.so.1 => /lib/libsendfile.so.1 libresolv.so.2 => /lib/libresolv.so.2 libnsl.so.1 => /lib/libnsl.so.1 libsocket.so.1 => /lib/libsocket.so.1 libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 libc.so.1 => /lib/libc.so.1 libcmd.so.1 => /lib/libcmd.so.1 libmp.so.2 => /lib/libmp.so.2 libmd.so.1 => /lib/libmd.so.1 libscf.so.1 => /lib/libscf.so.1 libgen.so.1 => /lib/libgen.so.1 libsasl.so.1 => /usr/lib/libsasl.so.1 libdoor.so.1 => /lib/libdoor.so.1 libuutil.so.1 => /lib/libuutil.so.1 libm.so.2 => /lib/libm.so.2 Snippet of smb.conf: passdb backend = ldapsam:ldap://ldap.cs.dit.ie #passdb backend = smbpasswd username map = /usr/local/samba/lib/smbusers unix password sync = yes passwd chat = "Changing*\nNew password*" %n\n "*Retype new password*" %n\n" passwd program = /usr/local/smbldap-tools/smbldap-passwd -u %u #passwd program = /usr/bin/passwd %u passwd chat debug = yes passwd chat timeout = 20 #pam password change = yes # Specifying printing subsystem # Path to IDEALX scripts (we will get to that soon) # # if you want to add machines to domain automaticaly, add machine script is: # add machine script = /usr/local/sbin/smbldap-useradd -w -i %u # proved on SUSE 10.0 # # Various other directives ( man smb.conf ) #################################################### #obey pam restrictions = Yes logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 128 preferred master = Yes domain master = Yes dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes # OpenLDAP stuff is defined here ################################################### ldap suffix = dc=cs,dc=dit,dc=ie ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Group ldap idmap suffix = ou=People ldap admin dn = "cn=Directory Manager" ldap ssl = start_tls ldap passwd sync = Yes If anyone could help me that would be great. It seems to behave when the backend is set to local database for some reason.
Created attachment 3269 [details] Truss output
is there a specific reason why you don't use the system LDAP libs? I fixed samba so that it works with the Solaris system libs quite a while ago. I guess your openldap libs clash with the system ldap libs at some point. Can you try not to use openldap?
(In reply to comment #2) > is there a specific reason why you don't use the system LDAP libs? I fixed > samba so that it works with the Solaris system libs quite a while ago. I guess > your openldap libs clash with the system ldap libs at some point. Can you try > not to use openldap? > I am using the solaris ldap libs but a major problem is that i cant get SSL/tls to work, and its pretty important to have ssl/tls with pam_smbpass.so! If you know any way to get SSL to work with the solaris libs plz let me know.
see bug #3504 for that. You can find patches that add Solaris LDAP SSL support for older and newer Samba releases. You might try that. If you have problems with that patch please report them there :-). As an openldap linked samba on solaris is a known problem I'll close this bug as wontfix now.