Recently I have installed samba 3.4.8 on my device. Since then ftp (vsftp,proftpd) which is taking users from samba database with pam_smbpass.so is not working. After enabling detailed log I have noticed it is looking for the passwords in smbpasswd (/etc/samba/private) which is of zero size . I think all users passwd are located in passwd.tdb.I could fix this by giving "passdb backend=smbpasswd" .
somewhere I read smbpasswd is obsolete , and recommended to use tdbsam ..
and /etc/pam.d/ftp file is
root@storage:/# cat /etc/pam.d/ftp
auth required /lib/security/pam_smbpass.so
account required /lib/security/pam_nologin.so
account required /lib/security/pam_smbpass.so
password required /lib/security/pam_smbpass.so
session required /lib/security/pam_unix.so
How can I tell pam_smbpass module to use passdb.tdb (tdbsam) .?. Please tell me I have been trying for last 2 days.did not it find anything.
Below is email conversation with John T from samba team.
On 07/03/2010 08:50 AM, Kandukuru_Suresh@emc.com wrote:
> Dear JHT,
> Thanks for the quick reply.in
> http://www.samba.org/samba/history/samba-3.4.0.html .
> Samba team is recommending to use tdbsam.
Not just recommending - it is the default now. The smbpasswd file can not contain the information needed to fully support current MS Windows clients. The result is the smbpasswd format storage of MS Windows networking credentials has been obsoleted.
> just wanted to know one thing,
> from samba 3.4 default backend has been changed to tdbsam , why for
> one of the module "pam_smbpass" in samba code is still looking for
> passwords in smbpasswd?.is there any patch for that?.
The pam_smbpasswd module has not been updated because noone has contributed the necessary patches. The tdbsam backend has been available since September 2003, so my take on this is that VERY few people use pam_smbpasswd. If more were using it, someone might by now have done something about the lack of support for tsbsam (and ldapsam for that matter) in the pam_smbpasswd module.
> will this be removed in higher versions of samba than > 3.4?
Probably. Why don't you file a bug report on https://bugzilla.samba.org ? - that is the only way you might get action on this.
> I find several people asking the question on net.did not find any
> answer.anticipating your reply.
Sorry to disappoint you.
> Configuration changes
> !!! ATTENTION !!!
> The default passdb backend has been changed to 'tdbsam'! That breaks
> existing setups using the 'smbpasswd' backend without explicit
> Please use
> 'passdb backend = smbpasswd' if you would like to stick to the
> backend or convert your smbpasswd entries using e.g. 'pdbedit -i
> smbpasswd -e tdbsam'.
> The 'tdbsam' backend is much more flexible concerning per user
> settings like 'profile path' or 'home directory' and there are some
> commands which do not work with the 'smbpasswd' backend at all.
> -----Original Message-----
> From: email@example.com
> [mailto:firstname.lastname@example.org] On Behalf Of John H Terpstra
> Sent: Saturday, July 03, 2010 6:31 PM
> To: email@example.com
> Subject: Re: [Samba] pam_smbpass.so passdb.tdb support
> On 07/03/2010 05:29 AM, Kandukuru_Suresh@emc.com wrote:
>> Recently I have installed samba 3.4.8 on my device. Since then ftp
>> (vsftp,proftpd) which is taking users from samba database with
>> pam_smbpass.so is not working. After enabling detailed log I have
>> noticed it is looking for the passwords in smbpasswd
>> (/etc/samba/private) which is of zero size . I think all users passwd
>> are located in passwd.tdb.I could fix this by giving "passdb
>> backend=smbpasswd" .
>> somewhere I read smbpasswd is obsolete , and recommended to use
>> tdbsam ..
>> and /etc/pam.d/ftp file is
>> root@storage:/# cat /etc/pam.d/ftp
>> auth required /lib/security/pam_smbpass.so
>> account required /lib/security/pam_nologin.so
>> account required /lib/security/pam_smbpass.so
>> password required /lib/security/pam_smbpass.so
>> session required /lib/security/pam_unix.so
>> How can I tell pam_smbpass module to use passdb.tdb (tdbsam) .?.
>> tell me I have been trying for last 2 days. Did not find anything.
> You can not do that without changing the pam_smbpasswd code. This
> module specifically operates against the smbpasswd file.
> -John T.
pam_winbind is recommended to be used. pam_smbpass was deprecated for a while and will be dropped with 4.4.