7546 – tdbsam ( passdb.tdb ) support in pam_smbpass.so

Bug 7546 - tdbsam ( passdb.tdb ) support in pam_smbpass.so

Summary: tdbsam ( passdb.tdb ) support in pam_smbpass.so

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.4
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	3.4.8
Hardware:	All Linux

Importance:	P3 major
Target Milestone:	---
Assignee:	Volker Lendecke
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-07-03 10:12 UTC by suresh
Modified:	2015-11-19 07:55 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description suresh 2010-07-03 10:12:08 UTC

Recently I have installed samba 3.4.8 on  my device. Since  then ftp (vsftp,proftpd)   which is taking users from samba database with pam_smbpass.so is not working. After enabling  detailed log I have noticed it is looking for the passwords in  smbpasswd (/etc/samba/private) which is of zero size . I think all users passwd are located in passwd.tdb.I could fix this by giving "passdb backend=smbpasswd" .

somewhere I read smbpasswd is obsolete , and recommended to use tdbsam ..

and /etc/pam.d/ftp file is
---------------------
root@storage:/# cat /etc/pam.d/ftp
auth       required     /lib/security/pam_smbpass.so
account    required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_smbpass.so
password   required     /lib/security/pam_smbpass.so
session    required     /lib/security/pam_unix.so
-------------------

How can I tell pam_smbpass module to use passdb.tdb (tdbsam) .?. Please tell me I have been trying for last 2 days.did not it find anything.
---------
Below is email conversation with John T from samba team.

--------------
On 07/03/2010 08:50 AM, Kandukuru_Suresh@emc.com wrote:
> Dear JHT,
>   Thanks for the quick reply.in
> http://www.samba.org/samba/history/samba-3.4.0.html .
> Samba team is recommending to use tdbsam.

Not just recommending - it is the default now.  The smbpasswd file can not contain the information needed to fully support current MS Windows clients.  The result is the smbpasswd format storage of MS Windows networking credentials has been obsoleted.

> just wanted to know one thing,
> from samba 3.4 default backend  has been changed to tdbsam , why for 
> one of the module "pam_smbpass" in samba code is still looking for 
> passwords in smbpasswd?.is there any patch for that?.

The pam_smbpasswd module has not been updated because noone has contributed the necessary patches.  The tdbsam backend has been available since September 2003, so my take on this is that VERY few people use pam_smbpasswd.  If more were using it, someone might by now have done something about the lack of support for tsbsam (and ldapsam for that matter) in the pam_smbpasswd module.

> will this be removed in higher versions of samba than > 3.4?

Probably. Why don't you file a bug report on https://bugzilla.samba.org ? - that is the only way you might get action on this.

> I find several people asking the question on net.did not find any 
> answer.anticipating your reply.

Sorry to disappoint you.

cheers,
John T.

> Configuration changes
> =====================
> 
> !!! ATTENTION !!!
> The default passdb backend has been changed to 'tdbsam'! That breaks 
> existing setups using the 'smbpasswd' backend without explicit 
> declaration!
> Please use
> 'passdb backend = smbpasswd' if you would like to stick to the 
> 'smbpasswd'
> backend or convert your smbpasswd entries using e.g. 'pdbedit -i 
> smbpasswd -e tdbsam'.
> 
> The 'tdbsam' backend is much more flexible concerning per user 
> settings like 'profile path' or 'home directory' and there are some 
> commands which do not work with the 'smbpasswd' backend at all.
> -------------------------
> 
> Thanks
> Suresh
> 
> 
> 
> -----Original Message-----
> From: samba-bounces@lists.samba.org
> [mailto:samba-bounces@lists.samba.org] On Behalf Of John H Terpstra
> Sent: Saturday, July 03, 2010 6:31 PM
> To: samba@lists.samba.org
> Subject: Re: [Samba] pam_smbpass.so passdb.tdb support
> 
> On 07/03/2010 05:29 AM, Kandukuru_Suresh@emc.com wrote:
>> Hi,
>>
>>   Recently I have installed samba 3.4.8 on  my device. Since  then ftp
>> (vsftp,proftpd)   which is taking users from samba database with
>> pam_smbpass.so is not working. After enabling  detailed log I have 
>> noticed it is looking for the passwords in  smbpasswd
>> (/etc/samba/private) which is of zero size . I think all users passwd 
>> are located in passwd.tdb.I could fix this by giving "passdb 
>> backend=smbpasswd" .
>>
>>  
>>
>> somewhere I read smbpasswd is obsolete , and recommended to use 
>> tdbsam ..
>>
>>  
>>
>> and /etc/pam.d/ftp file is
>> ---------------------
>> root@storage:/# cat /etc/pam.d/ftp
>> auth       required     /lib/security/pam_smbpass.so
>> account    required     /lib/security/pam_nologin.so
>> account    required     /lib/security/pam_smbpass.so
>> password   required     /lib/security/pam_smbpass.so
>> session    required     /lib/security/pam_unix.so
>>
>> -------------------
>>
>>  
>>
>> How can I tell pam_smbpass module to use passdb.tdb (tdbsam) .?.
> Please
>> tell me I have been trying for last 2 days. Did  not find anything.
> 
> You can not do that without changing the pam_smbpasswd code. This 
> module specifically operates against the smbpasswd file.
> 
> -John T.


------

Thanks alot

Comment 1 Björn Jacke 2015-11-19 07:55:31 UTC

pam_winbind is recommended to be used. pam_smbpass was deprecated for a while and will be dropped with 4.4.