Ubuntu 10.04 LTS Samba/Swat 3.4.7~dfsg-1u I'm required to use cracklib or passwdqc in pam.d But turns out that the above pam module break SWAT. Swat says: SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was 127.0.0.1, but LANMAN password changed are disabled The passwd has NOT been changed. log.smbd: [2012/03/29 17:34:28, 0] auth/pampass.c:705(smb_pam_chauthtok) PAM: UNKNOWN PAM ERROR (19) for User: user2 I have confirmed that this is because of the pam modules. Removing the pam modules restore SWAT ok again. --- Example of /etc/pam.d/common-password With cracklib: password requisite pam_cracklib.so retry=3 minlen=8 difok=3 [default setting: see A] With passwdqc: password requisite pam_passwdqc.so [default setting: see A] Default setting: password [success=2 default=ignore] pam_unix.so obscure sha512 password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass password requisite pam_deny.so password required pam_permit.so password optional pam_smbpass.so nullok use_authtok use_first_pass Thank you.
Re-assigning to Kai.
I think I've seen this before somewhere, let me see if I can find the bug report with the analysis. I seem to remember that was actually an issue with another pam library and not with SWAT itself, but I'll recheck.
There we go. At least in Ubuntu 12.04 where I debugged this the last time, libpam-smbpass is broken and causes swat to fail. In 12.04, that leads to a crash, I haven't tried for 10.04 (or Samba 3.4.7). Can you get me the output of "nm /lib/security/pam_smbpass.so" so we can check if this is the same problem?
swat is removed in 4.1