I am using an experimental configuration of samba with ldap. LDAP is used for linux login and imap authentication. Samba is used for domain login and file sharing.
I have got the following ldap|pam|samba stuff installed on the system pam-0.75-25mdk samba-client-2.2.6-1.1mdk nss_ldap-202-1.1mdk perl-Authen-PAM-0.13-3mdk samba-common-ldap-2.2.6-1.1mdk samba-server-ldap-2.2.6-1.1mdk samba-winbind-ldap-2.2.6-1.1mdk mod_auth_ldap-1.6.0-7mdk openldap-2.0.25-7mdk openldap-clients-2.0.25-7mdk perl-ldap-0.26-2mdk pam-devel-0.75-25mdk libldap2-devel-static-2.0.25-7mdk libldap2-2.0.25-7mdk samba-swat-ldap-2.2.6-1.1mdk openldap-servers-2.0.25-7mdk openldap-back_ldap-2.0.25-7mdk openldap-guide-2.0.25-7mdk courier-imap-ldap-1.6.0-1mdk libldap2-devel-2.0.25-7mdk pam_ldap-148-3mdk Everything is up and running with one exception When I try to do a password change from a windows machine I get the following error ( repeated about 8 times ) [2003/01/02 18:51:48, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,65534) now set to (0,-1) uid=(0,65534) [2003/01/02 18:51:48, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid If I get rid of the password syncing option in the smb.conf the password gets changed with no problems but with the pam password change = yes option set in the file the user password change fails . I want to get the password syncing working because it would be cool for my users to have a single password for mail/unix stuff etc. Anyone encountered this before ? I've done a lot of googling and searched the bugs database but nobody seems to have encountered this problem before. I can change a users unix ( ldap ) password straight from the command line (using the passwd program) without any problems. This is the /etc/pam.d/passwd configuration that I have set up .... #%PAM-1.0 auth sufficient /lib/security/pam_ldap.so auth required /lib/security/pam_unix_auth.so use_first_pass account sufficient /lib/security/pam_ldap.so account required /lib/security/pam_unix_acct.so # I commented this out in case samba couldn't handle it ... #password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_ldap.so password required /lib/security/pam_pwdb.so try_first_pass This is the /etc/pam.d/samba config .... #%PAM-1.0 auth sufficient /lib/security/pam_ldap.so auth required /lib/security/pam_unix_auth.so try_first_pass account sufficient /lib/security/pam_ldap.so account required /lib/security/pam_unix_acct.so I also tried this config ..... #%PAM-1.0 auth required /lib/security/pam_nologin.so auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth No errors with that one but the password remained unchanged .... Any ideas guys ? I reckon I must have screwed up the pam configuration for /etc/pam.d/samba but I am no pam expert so I am currently thrashing arround in the dark .... Kind Regards Bryan -- Bryan Hunt Systems Enginering Manager Ossidian Technologies Ltd Blackrock Co Dublin IRELAND Tel +353-1-2787111 Fax +353-1-2787136