Hi I've tried to upgrade me 3.2.7 file server to 3.4.0, samba member of an AD 2003, using winbind. I use pam_mkhomedir in pam_session to create the [homes] share for each user. It seems that something has gone wrong because there is no more call to pam_session Instead, the server says it can't access the /home/$user share which is normal as it hasn't been created. I've traced the call to pam_session in 23.2.7, and looked for the log in same place for 3.4.0, there is no call to "smb_pam_start" in 3.4.0 the 3.4.0 log with the falling creation: Get_Pwnam_internals did find user [DPTINFO+s.altun]! [2009/09/03 07:24:18, 5] auth/auth_util.c:1517(fill_sam_account) fill_sam_account: located username was [DPTINFO+s.altun] [2009/09/03 07:24:18, 4] lib/substitute.c:504(automount_server) Home server: oie [2009/09/03 07:24:18, 4] lib/substitute.c:504(automount_server) Home server: oie [2009/09/03 07:24:18, 3] auth/auth.c:271(check_ntlm_password) check_ntlm_password: winbind authentication for user [s.altun] succeeded [2009/09/03 07:24:18, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/09/03 07:24:18, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/09/03 07:24:18, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/03 07:24:18, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2009/09/03 07:24:18, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/09/03 07:24:18, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/09/03 07:24:18, 5] auth/auth.c:297(check_ntlm_password) check_ntlm_password: PAM Account for user [DPTINFO+s.altun] succeeded [2009/09/03 07:24:18, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [s.altun] -> [s.altun] -> [DPTINFO+s.altun] succeeded the 3.2.7 with the call to pampass.c: Get_Pwnam_internals did find user [DPTINFO+s.altun]! [2009/09/03 07:36:36, 5] auth/auth_util.c:fill_sam_account(1404) fill_sam_account: located username was [DPTINFO+s.altun] [2009/09/03 07:36:36, 4] lib/substitute.c:automount_server(500) Home server: oie [2009/09/03 07:36:36, 4] lib/substitute.c:automount_server(500) Home server: oie [2009/09/03 07:36:36, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: winbind authentication for user [s.altun] succeeded [2009/09/03 07:36:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/09/03 07:36:36, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/09/03 07:36:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/03 07:36:36, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/09/03 07:36:36, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_start(470) smb_pam_start: PAM: Init user: DPTINFO+s.altun [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_start(487) smb_pam_start: PAM: setting rhost to: ::ffff:130.79.80.98 [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_start(496) smb_pam_start: PAM: setting tty [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_start(504) smb_pam_start: PAM: Init passed for user: DPTINFO+s.altun [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_account(562) smb_pam_account: PAM: Account Management for User: DPTINFO+s.altun [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_account(581) smb_pam_account: PAM: Account OK for User: DPTINFO+s.altun [2009/09/03 07:36:36, 4] auth/pampass.c:smb_pam_end(450) smb_pam_end: PAM: PAM_END OK. [2009/09/03 07:36:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/09/03 07:36:36, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [DPTINFO+s.altun] succeeded [2009/09/03 07:36:36, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [s.altun] -> [s.altun] -> [DPTINFO+s.altun] succeeded
Could you please upload your smb.conf ?
Created attachment 4634 [details] smb.conf
Created attachment 4635 [details] smb 3.2.7, log level 5
Created attachment 4636 [details] smb 3.4.0, log level 5
The only explanation I have for this is that smbd has not been built with pam support. Could you please check (and paste here) the output of: smbd -b | grep PAM Thanks.
I'm not sure about the real values from smbd -b : # ./smbd -b | grep PAM HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_EXT_H HAVE_SECURITY_PAM_MODULES_H HAVE_SECURITY__PAM_MACROS_H HAVE_LIBPAM HAVE_PAM_GET_DATA HAVE_PAM_VSYSLOG WITH_PAM WITH_PAM_MODULES WITH_PAM WITH_PAM_MODULES With the first try, I have made a build with: ./configure --prefix=/usr/local/samba/ After that, I've rebuild all with : ./configure --with-syslog --with-winbind --with-ads --with-acl-support --with-pam --with-quotas --prefix=/usr/local/samba/ but I didn't make a make clean between both build (I assumed that new config.h -> full recompilation ) I'll try with a clean rebuild of these tools.
Ok, I've made a "make clean", and rebuilded and installed all programs, and now, PAM is working correctly. My fault, sorry.
:-) Glad it works now.