Hello qmailers,

I thought I should post this on the list if anyone is trying to use NT
authentication to selectively allow relaying in qmail, and has had
trouble.
I can say I did! After giving up on the checkpassword based on squid's
MSNTAuth (an old version) I moved on to checkpassword + PAM patch
(applied to checkpassword 0.90) that worked - but I had too much trouble
with Winbind from Samba-tng project to make it work.

When a helpful someone on my local linux mailing list pointed out that
the problem wasn't with PAM - it was with checkpassword - the problem
was found.
Checkpassword uses a getpwnam() call that has the same effect as
pam_smb_auth without the nolocal option. I do not want to have accounts
for all my NT users on the qmail server. I puzzled for days why
checkpassword+pam wasn't doing auths unless there was a local account on
the machine (except for accounts with "\" in them like winbind uses).

Checkpassword that uses Msntauth available for download from the qmail
page gave me some grief - so I took a diff from it against the MSNTAuth
it was based on and applied it to the latest version of MsNTauth that
comes with squid. I then had to comment out the parts of smbauth.c
(checkpassword.c in normal checkpassword) that runs the doit function
and sets up the environment (PWD HOME USER and so on). Note one should
only do this if they are using checkpassword for mail relaying. Not
setting up the environment would break qmail-pop3d I think.

I hope this helps someone who searches the archives. Someone should
upgrade the version of checkpassword on the qmail page to be based on
the latest msntauth source and add a define to use the getpwnam()
function or set up the environment that depends on this function. I'll
put my hand up to do this if nobody else will.

Best Regards,

Luke McKee


-------- Original Message --------
BCC: Steve Cavey <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 28 May 2001 18:15:17 +1000
From: Luke McKee <[EMAIL PROTECTED]>
Organization: Webpay
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.4 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Del <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [SLUG] Fwd: pam_smb question
References: <20010528131624.A6663@willow>
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Del,

Thanks heaps for your help!
The problem wasn't with PAM all this time, it was the fact there was
getpwnam() in the program I was using. If getpwnam() didn't work then it
would exit.

I got shitted with winbind, which is not working at all now that I broke it
further by removing the NT workstation account before adding it again in
troubleshooting, so I went back to where I was before I tried to use PAM.

I removed getpwnam from the checkpassword replacement that is based on
msntauth from squid. It didn't work so I extracted a patch from it
against the version of msntauth it was based on.
Using the patchfile I created I patched version 2.0 of msntauth that
came with the latest squid. Then after commenting out the subroutine that
used getpwnam the bitch finally worked. YAY :-)

I'll revisit samba-tng/winbindd in the future when my level of patience
and frustration is restored :-)

Luke McKee
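
The failure described in this message, as an added example that is not part of the original post and is not code from checkpassword, squid or msntauth: a small C model of a checkpassword-style program that looks the user up with getpwnam() before consulting the remote authenticator, next to a relay-only variant without that lookup. The names `cp_decide`, `fake_domain_auth`, the ordering of the two checks and the sample account are assumptions made for illustration; the exit codes 0, 1 and 2 follow the checkpassword interface.

```c
#include <pwd.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { CP_OK = 0, CP_REJECT = 1, CP_MISUSE = 2 };   /* checkpassword exit codes */
typedef int (*backend_fn)(const char *user, const char *pass);
static int backend_calls;   /* shows whether the remote backend was ever reached */

/* Hypothetical stand-in for the NT domain check (MSNT auth or PAM in the post). */
static int fake_domain_auth(const char *user, const char *pass)
{
    backend_calls++;
    return strcmp(user, "NTDOM\\constructed_user_zz9") == 0 &&
           strcmp(pass, "constructed-pass") == 0;
}

/* buf is what checkpassword reads from fd 3: "user\0password\0timestamp\0".
 * require_local=1 models the getpwnam() gate, 0 the relay-only build. */
static int cp_decide(const char *buf, size_t len, int require_local, backend_fn backend)
{
    const char *pass, *end = memchr(buf, '\0', len);

    if (end == NULL)
        return CP_MISUSE;                 /* no terminator after the user name */
    pass = end + 1;
    if (memchr(pass, '\0', len - (size_t)(pass - buf)) == NULL)
        return CP_MISUSE;                 /* no terminator after the password */

    /* No local passwd entry: rejected before the domain is ever asked. */
    if (require_local && getpwnam(buf) == NULL)
        return CP_REJECT;
    return backend(buf, pass) ? CP_OK : CP_REJECT;
}

/* Constructed sample input: a domain user with no local account. */
static const char sample[] = "NTDOM\\constructed_user_zz9\0constructed-pass\0Y123";

int main(void)
{
    int gated = cp_decide(sample, sizeof sample, 1, fake_domain_auth);
    int relay = cp_decide(sample, sizeof sample, 0, fake_domain_auth);
    printf("with getpwnam gate: %d, relay-only: %d\n", gated, relay);
    return 0;
}
```

With the gate in place the backend counter stays at zero for a domain-only user, which is why changing the PAM or winbind configuration made no difference to the result.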
