My company, which is a Mac-heavy shop in the printing industry, needed to migrate to a faster file server. As our directory trees are very large, both Samba and Netatalk were bogging down badly on our Linux server (Samba due to heavy CPU usage during directory listings, the case-sensitive file system issue, and Netatalk because the cnid db was getting too big).

Our solution was to switch to a Mac server running a Thunderbolt RAID array. This forced us into using Lion, as the only Snow Leopard machines with Thunderbolt ports are laptops. The new server is extremely fast even with our large file systems. But SMBX is causing numerous problems.

Yesterday, I succeeded in getting Samba 3.6.0 compiled and running on Lion, and now have a working MacPorts package. Only one patch was required: to address issues with NGROUPS_MAX on Lion, which prevented smbd from starting. (FYI: Because groups can be nested in Lion, but getgrouplist() reports the list without nesting, the number of groups in some system account used by Samba exceeds NGROUPS_MAX. The fix just forces it to 32 in lib/system.c - ugly, but it works).

I do not understand how Apple's OpenDirectory integration used to work with Samba in versions <= 10.6. I assume they maintained smbpasswd tokens inside OpenDirectory. Regardless, this is no longer done in Lion. Instead, I attempted to use the pam_smbpass module to sync passwords with the tdb backend.

I copied the compiled pam_smbpass.dynlib module to /usr/lib/pam/pam_smbpass.so.2. I then set up /etc/pam.d/passwd like so:

    auth       required     pam_permit.so
    account    required     pam_opendirectory.so
    password   requisite    pam_opendirectory.so
    password   required     pam_smbpass.so nullok use_authtok try_first_pass
    session    required     pam_permit.so

This prevents user accounts on the server from changing their own password at all. The root user can still change individual system account passwords, but no smbpasswd syncing takes place. I have tried several variants on the "password required" line. All of them exhibit the same behavior. I have been unable to find any debug or log information that sheds much light on this behavior.

When the user attempts to change their password, this is what is shown in /var/log/secure.log:

    passwd[229]: in _openpam_check_error_code(): pam_sm_chauthtok(): unexpected return value 12

And this is what the user sees:

    $ passwd
    Changing password for <user>.
    passwd: authentication information is unavailable

smbd.log shows nothing at all. If the user's password is changed using the root account, no errors of any kind are logged, and no smbpasswd sync takes place.

I know that pam_smbpass works in FreeBSD, which also uses OpenPAM, so I doubt it is an OpenPAM incompatibility. I'm just not sure where to look next.