Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Samba HowTo Guide
Prev Home Next

Example System Configurations

The following is an example /etc/pam.d/login configuration file. This example had all options uncommented and is probably not usable because it stacks many conditions before allowing successful completion of the login process. Essentially, all conditions can be disabled by commenting them out, except the calls to pam_pwdb.so.

PAM: Original Login Config

#%PAM-1.0
# The PAM configuration file for the “login” service
#
auth         required    pam_securetty.so
auth         required    pam_nologin.so
# auth       required    pam_dialup.so
# auth       optional    pam_mail.so
auth         required    pam_pwdb.so shadow md5
# account    requisite   pam_time.so
account      required    pam_pwdb.so
session      required    pam_pwdb.so
# session    optional    pam_lastlog.so
# password   required    pam_cracklib.so retry=3
password     required    pam_pwdb.so shadow md5

PAM: Login Using pam_smbpass

PAM allows use of replaceable modules. Those available on a sample system include:

$ /bin/ls /lib/security

pam_access.so    pam_ftp.so          pam_limits.so     
pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
pam_cracklib.so  pam_group.so        pam_listfile.so   
pam_nologin.so   pam_rootok.so       pam_tally.so      
pam_deny.so      pam_issue.so        pam_mail.so       
pam_permit.so    pam_securetty.so    pam_time.so       
pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
pam_pwdb.so      pam_shells.so       pam_unix.so       
pam_env.so       pam_ldap.so         pam_motd.so       
pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
pam_userdb.so    pam_warn.so         pam_unix_session.so

The following example for the login program replaces the use of the pam_pwdb.so module that uses the system password database (/etc/passwd, /etc/shadow, /etc/group) with the module pam_smbpass.so, which uses the Samba database containing the Microsoft MD4 encrypted password hashes. This database is stored either in /usr/local/samba/private/smbpasswd, /etc/samba/smbpasswd or in /etc/samba.d/smbpasswd, depending on the Samba implementation for your UNIX/Linux system. The pam_smbpass.so module is provided by Samba version 2.2.1 or later. It can be compiled by specifying the --with-pam_smbpass options when running Samba's configure script. For more information on the pam_smbpass module, see the documentation in the source/pam_smbpass directory of the Samba source distribution.

#%PAM-1.0
# The PAM configuration file for the “login” service
#
auth        required    pam_smbpass.so nodelay
account     required    pam_smbpass.so nodelay
session     required    pam_smbpass.so nodelay
password    required    pam_smbpass.so nodelay

The following is the PAM configuration file for a particular Linux system. The default condition uses pam_pwdb.so.

#%PAM-1.0
# The PAM configuration file for the “samba” service
#
auth       required     pam_pwdb.so nullok nodelay shadow audit
account    required     pam_pwdb.so audit nodelay
session    required     pam_pwdb.so nodelay
password   required     pam_pwdb.so shadow md5

In the following example, the decision has been made to use the smbpasswd database even for basic Samba authentication. Such a decision could also be made for the passwd program and would thus allow the smbpasswd passwords to be changed using the passwd program:

#%PAM-1.0
# The PAM configuration file for the “samba” service
#
auth       required     pam_smbpass.so nodelay
account    required     pam_pwdb.so audit nodelay
session    required     pam_pwdb.so nodelay
password   required     pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf

Samba HowTo Guide
Prev Home Next

 
 
  Published under the terms fo the GNU General Public License Design by Interspire