Leena and all the list,

First of all, thanks for your reply.

The /etc/pam_smb.conf was already readable by all users:
-rw-r--r--   1 root     other         27 Jun 15 14:27 /etc/pam_smb.conf

Following your suggestion I wrote the names of the PDC+BDC in uppercase. So
this is the content of the file /etc/pam_smb.conf:
MTCI_NT01
NTS01A
NTS02A

About the permissions on the file /etc/shadow.
Originally the file was readable only by root.

I modified the permissions on /etc/shadow: now everyone can read it.
With the /etc/imapd.conf file with these lines I can log on using the account
on the Solaris box:

configdirectory: /data/imap
partition-default: /data/spool/imap
admins: cyrus root
allowanonymouslogin: no
quotawarn: 90
sasl_pwcheck_method: PAM
tls_cert_file: /data/imap/server.pem
tls_key_file: /data/imap/server.pem


And these are the logs:
imapd.log
[...]
Jun 18 14:32:02 uxs03 imapd[13931]: [ID 237943 local6.notice] login:
localhost[127.0.0.1] avm018 plaintext
Jun 18 14:32:02 uxs03 imapd[13931]: [ID 921384 local6.debug] accepted
connection
[...]

auth.log
[...]
Jun 18 14:32:01 uxs03 IMP[361]: [ID 800047 auth.notice] Login 10.162.36.176
to localhost:143 as avm018
Jun 18 14:32:02 uxs03 imapd[13931]: [ID 481214 auth.debug] pam_smb: Local
UNIX username/password pair correct.
[...]


If I try to log on to my mailbox using my account on the PDC (with the same
userID as the Unix account, and with the same name as the cyrus mailbox) I
get an error.

imapd.log
[...]
Jun 18 14:34:51 uxs03 imapd[13936]: [ID 921384 local6.debug] accepted
connection
Jun 18 14:34:51 uxs03 imapd[13936]: [ID 427203 local6.debug]
pam_authenticate: error Can not retrieve authentication info
[...]

auth.log
[...]
Jun 18 14:34:51 uxs03 imapd[13936]: [ID 498107 auth.debug] pam_smb: Local
UNIX username/password check incorrect.
Jun 18 14:34:51 uxs03 imapd[13936]: [ID 562731 auth.debug] pam_smb:
Configuration Data, Primary NTS01A , Backup NTS02A , Domain MTCI_NT01.
Jun 18 14:34:54 uxs03 imapd[13936]: [ID 498107 auth.debug] pam_smb: Local
UNIX username/password check incorrect.
Jun 18 14:34:54 uxs03 imapd[13936]: [ID 562731 auth.debug] pam_smb:
Configuration Data, Primary NTS01A , Backup NTS02A , Domain MTCI_NT01.
Jun 18 14:34:57 uxs03 imapd[13936]: [ID 498107 auth.debug] pam_smb: Local
UNIX username/password check incorrect.
Jun 18 14:34:57 uxs03 imapd[13936]: [ID 562731 auth.debug] pam_smb:
Configuration Data, Primary NTS01A , Backup NTS02A , Domain MTCI_NT01.
Jun 18 14:35:00 uxs03 IMP[141]: [ID 800047 auth.notice] FAILED 10.162.36.176
to localhost:143 as avm018
[...]



I expect that the pam_smb_auth module asks the PDC to validate my
mail account (as shown in "Configuration Data..."). But it seems that the
check is done on the local unix account...
Perhaps I didn't understand something about this pam_smb_auth module.

My task is configuring a mail server with Cyrus running as a "black box"
(i.e. mail users should not have normal shell accounts on the server), using
a NT PDC for user validation (and for password management).

Hope that someone can help me.


Vito


-----Original Message-----
From: Leena Heino [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 15, 2001 2:21 PM
To: Maltese Vito-AVM018
Subject: Re: Password policy: Cyrus+pam_smb_auth on Solaris 8


On Fri, 15 Jun 2001, Maltese Vito-AVM018 wrote:

> I created the file /etc/pam_smb.conf adding the domain + PDC + BDC:
> <DOMAIN>
> <host1>
> <host2>
>
Just a silly question. Is your /etc/pam_smb.conf readable by the Cyrus user?
When I tried the pam_smb I had to write the domain controller's name in
uppercase letters, otherwise it would not work.

> Jun 15 10:16:29 uxs03 imapd[3382]: [ID 498107 auth.debug] pam_smb: Local
> UNIX username/password check incorrect.
Does your Cyrus user have rights to access /etc/shadow?

> Thanks for any help,
>
> Vito
>
>
>
>

  -- Leena Heino ([EMAIL PROTECTED])
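
An added example, not part of the original thread: a small Python parser for the auth.log records quoted in the message above, grouping pam_smb messages by imapd process id to show what the module logged for each login attempt. The input is the thread's own log lines with the mail wraps rejoined; the function, regex and field names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: auth.log lines from the message above, with the mail
# client's line wraps rejoined so each syslog record is on one line.
SAMPLE = """\
Jun 18 14:32:02 uxs03 imapd[13931]: [ID 481214 auth.debug] pam_smb: Local UNIX username/password pair correct.
Jun 18 14:34:51 uxs03 imapd[13936]: [ID 498107 auth.debug] pam_smb: Local UNIX username/password check incorrect.
Jun 18 14:34:51 uxs03 imapd[13936]: [ID 562731 auth.debug] pam_smb: Configuration Data, Primary NTS01A , Backup NTS02A , Domain MTCI_NT01.
Jun 18 14:34:54 uxs03 imapd[13936]: [ID 498107 auth.debug] pam_smb: Local UNIX username/password check incorrect.
Jun 18 14:34:54 uxs03 imapd[13936]: [ID 562731 auth.debug] pam_smb: Configuration Data, Primary NTS01A , Backup NTS02A , Domain MTCI_NT01.
Jun 18 14:34:57 uxs03 imapd[13936]: [ID 498107 auth.debug] pam_smb: Local UNIX username/password check incorrect.
Jun 18 14:34:57 uxs03 imapd[13936]: [ID 562731 auth.debug] pam_smb: Configuration Data, Primary NTS01A , Backup NTS02A , Domain MTCI_NT01.
Jun 18 14:35:00 uxs03 IMP[141]: [ID 800047 auth.notice] FAILED 10.162.36.176 to localhost:143 as avm018
"""

# Solaris syslog record: timestamp, host, program[pid], [ID n facility.level], text
RECORD = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(\w+)\[(\d+)\]:\s\[ID \d+ \S+\]\s(.*)$")
CONFIG = re.compile(r"Primary (\S+) , Backup (\S+) , Domain (\S+)\.$")

def summarize(text):
    """Group pam_smb records by process id and tally what each attempt logged."""
    pids = defaultdict(lambda: {"local_ok": 0, "local_fail": 0,
                                "servers": set(), "other": []})
    for line in text.splitlines():
        rec = RECORD.match(line.strip())
        if not rec or not rec.group(3).startswith("pam_smb:"):
            continue  # not a pam_smb record (for example the IMP line)
        entry = pids[int(rec.group(2))]
        msg = rec.group(3)[len("pam_smb:"):].strip()
        conf = CONFIG.search(msg)
        if msg.startswith("Local UNIX username/password"):
            key = "local_ok" if msg.endswith("pair correct.") else "local_fail"
            entry[key] += 1
        elif conf:
            entry["servers"].add(conf.groups())  # (primary, backup, domain)
        else:
            entry["other"].append(msg)  # anything else the module reported
    return dict(pids)

if __name__ == "__main__":
    for pid, e in sorted(summarize(SAMPLE).items()):
        print(pid, e["local_ok"], e["local_fail"], sorted(e["servers"]), e["other"])
```

For process 13936 the summary shows three failed local checks, one Primary/Backup/Domain configuration, and no other pam_smb record in the quoted lines.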
