Bug 6687 - pam_session not correctly handled
pam_session not correctly handled
Status: RESOLVED INVALID
Product: Samba 3.4
Classification: Unclassified
Component: File services
3.4.0
Other Linux
: P3 normal
: ---
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-03 00:49 UTC by Blindauer Emmanuel
Modified: 2009-09-03 18:05 UTC (History)
0 users

See Also:


Attachments
smb.conf (2.80 KB, text/plain)
2009-09-03 03:25 UTC, Blindauer Emmanuel
no flags Details
smb 3.2.7, log level 5 (73.00 KB, text/plain)
2009-09-03 06:46 UTC, Blindauer Emmanuel
no flags Details
smb 3.4.0, log level 5 (74.30 KB, text/plain)
2009-09-03 06:47 UTC, Blindauer Emmanuel
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Blindauer Emmanuel 2009-09-03 00:49:36 UTC
Hi
I've tried to upgrade me 3.2.7 file server to 3.4.0, samba member of an AD 2003, using winbind.

I use pam_mkhomedir in pam_session to create the [homes]  share for each user.
It seems that something has gone wrong because there is no more call to pam_session

Instead, the server says it can't access the /home/$user share which is normal as it hasn't been created.

I've traced the call to pam_session in 23.2.7, and looked for the log in same place for 3.4.0, there is no call to "smb_pam_start" in 3.4.0

the 3.4.0 log with the falling creation:

  Get_Pwnam_internals did find user [DPTINFO+s.altun]!
[2009/09/03 07:24:18,  5] auth/auth_util.c:1517(fill_sam_account)
  fill_sam_account: located username was [DPTINFO+s.altun]
[2009/09/03 07:24:18,  4] lib/substitute.c:504(automount_server)
  Home server: oie
[2009/09/03 07:24:18,  4] lib/substitute.c:504(automount_server)
  Home server: oie
[2009/09/03 07:24:18,  3] auth/auth.c:271(check_ntlm_password)
  check_ntlm_password: winbind authentication for user [s.altun] succeeded
[2009/09/03 07:24:18,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/09/03 07:24:18,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/09/03 07:24:18,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/03 07:24:18,  5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2009/09/03 07:24:18,  5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2009/09/03 07:24:18,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/09/03 07:24:18,  5] auth/auth.c:297(check_ntlm_password)
  check_ntlm_password:  PAM Account for user [DPTINFO+s.altun] succeeded
[2009/09/03 07:24:18,  2] auth/auth.c:310(check_ntlm_password)
  check_ntlm_password:  authentication for user [s.altun] -> [s.altun] -> [DPTINFO+s.altun] succeeded



the 3.2.7 with the call to pampass.c:
  Get_Pwnam_internals did find user [DPTINFO+s.altun]!
[2009/09/03 07:36:36,  5] auth/auth_util.c:fill_sam_account(1404)
  fill_sam_account: located username was [DPTINFO+s.altun]
[2009/09/03 07:36:36,  4] lib/substitute.c:automount_server(500)
  Home server: oie
[2009/09/03 07:36:36,  4] lib/substitute.c:automount_server(500)
  Home server: oie
[2009/09/03 07:36:36,  3] auth/auth.c:check_ntlm_password(269)
  check_ntlm_password: winbind authentication for user [s.altun] succeeded
[2009/09/03 07:36:36,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/09/03 07:36:36,  3] smbd/uid.c:push_conn_ctx(407)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/09/03 07:36:36,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/03 07:36:36,  5] auth/token_util.c:debug_nt_user_token(466)
  NT user token: (NULL)
[2009/09/03 07:36:36,  5] auth/token_util.c:debug_unix_user_token(492)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_start(470)
  smb_pam_start: PAM: Init user: DPTINFO+s.altun
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_start(487)
  smb_pam_start: PAM: setting rhost to: ::ffff:130.79.80.98
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_start(496)
  smb_pam_start: PAM: setting tty
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_start(504)
  smb_pam_start: PAM: Init passed for user: DPTINFO+s.altun
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_account(562)
  smb_pam_account: PAM: Account Management for User: DPTINFO+s.altun
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_account(581)
  smb_pam_account: PAM: Account OK for User: DPTINFO+s.altun
[2009/09/03 07:36:36,  4] auth/pampass.c:smb_pam_end(450)
  smb_pam_end: PAM: PAM_END OK.
[2009/09/03 07:36:36,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/09/03 07:36:36,  5] auth/auth.c:check_ntlm_password(295)
  check_ntlm_password:  PAM Account for user [DPTINFO+s.altun] succeeded
[2009/09/03 07:36:36,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [s.altun] -> [s.altun] -> [DPTINFO+s.altun] succeeded
Comment 1 Guenther Deschner 2009-09-03 03:11:06 UTC
Could you please upload your smb.conf ?
Comment 2 Blindauer Emmanuel 2009-09-03 03:25:10 UTC
Created attachment 4634 [details]
smb.conf
Comment 3 Blindauer Emmanuel 2009-09-03 06:46:59 UTC
Created attachment 4635 [details]
smb 3.2.7,  log level 5
Comment 4 Blindauer Emmanuel 2009-09-03 06:47:19 UTC
Created attachment 4636 [details]
smb 3.4.0,  log level 5
Comment 5 Guenther Deschner 2009-09-03 14:53:49 UTC
The only explanation I have for this is that smbd has not been built with pam support. Could you please check (and paste here) the output of:

smbd -b | grep PAM

Thanks.
Comment 6 Blindauer Emmanuel 2009-09-03 15:26:50 UTC
I'm not sure about the real values from smbd -b :

# ./smbd -b | grep PAM
   HAVE_SECURITY_PAM_APPL_H
   HAVE_SECURITY_PAM_EXT_H
   HAVE_SECURITY_PAM_MODULES_H
   HAVE_SECURITY__PAM_MACROS_H
   HAVE_LIBPAM
   HAVE_PAM_GET_DATA
   HAVE_PAM_VSYSLOG
   WITH_PAM
   WITH_PAM_MODULES
   WITH_PAM
   WITH_PAM_MODULES

With the first try, I have made a build with:

./configure --prefix=/usr/local/samba/ 

After that, I've rebuild all with :
./configure --with-syslog --with-winbind --with-ads --with-acl-support --with-pam --with-quotas --prefix=/usr/local/samba/

but I didn't make a make clean between both build (I assumed that new config.h -> full recompilation )

I'll try with a clean rebuild of these tools.


Comment 7 Blindauer Emmanuel 2009-09-03 16:54:52 UTC
Ok, I've made a "make clean", and rebuilded and installed all programs, and now, PAM is working correctly.
My fault, sorry.
Comment 8 Guenther Deschner 2009-09-03 18:05:35 UTC
:-) Glad it works now.