Hello qmailers, I thought I should post this one the list if anyone is trying to use NT authentication to selectively allow relaying in qmail, and has had trouble. I can say I did! After giving up on the checkpassword based on squid's MSNTAuth (an old version) I moved on to checkpassword + PAM patch (applied to checkpassword 0.90) that worked - but I had too much trouble with Windbind from Samba-tng project to make it work. When a helpful someone on my local linux mailing list pointed out that the problem wasn't with PAM - it was with checkpassword - the problem was found. Checkpassword uses a getpwnam() call that has the same effect as pam_smb_auth without the nolocal option. I do not want to have accounts for all my NT users on the qmail server. I puzzled for days why checkpassword+pam wasn't doing auths unless there was a local account on the machine (except for accounts with "\" in them like winbind uses). Checkpassword that uses Msntauth available for download from the qmail page gave me some grief - so I took a diff from it against the MSNTAuth it was based on and applied it to the latest version of MsNTauth that comes with squid. I then had to comment out the parts of smbauth.c (checkpassword.c in normal checkpassword) that runs the doit function and sets up the environment (PWD HOME USER and so on). Note one should only do this if they are using checkpassword for mail relaying. Not setting up the environment would break qmail-pop3d I think. I hope this helps someone who searches the archives. Someone should upgrade the version of checkpassword on the qmail page to be based on the latest msntauth source and add a define to to use the getpwnam() function or set up the environment that depends on this function. I'll put my hand up to do this if nobody else will. Best Regards, Luke McKee -------- Original Message -------- X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 BCC: Steve Cavey <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Date: Mon, 28 May 2001 18:15:17 +1000 From: Luke McKee <[EMAIL PROTECTED]> Organization: Webpay X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.4 i686) X-Accept-Language: en MIME-Version: 1.0 To: Del <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: [SLUG] Fwd: pam_smb question References: <20010528131624.A6663@willow> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Del, Thanks heaps for your help! The problem wasn't with PAM all this time, it was the fact there was getpwnam() in the program I was using. If getpwnam() didn't work then it would exit. I got shitted with winbind is not working at all now that I broke it futher by removing the NT workstation account before adding it again in troubleshooting so I went back to where I was before I tried to use PAM. I removed getpwnam from the checkpassword replacement that is based on msntauth from squid. It didn't work so I did a extracted a patch from it against the version of msntauth it was based on. Using the patchfile I created I patched version 2.0 of msntauth that came with the latest squid. The after commenting out the subroutine that used getpwnam the bitch finally worked. YAY :-) I'll revisit samba-tng/winbindd in the future when my level of patience and frustration is restored :-) Luke McKee
