[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

PAM_unix Authentication failure



OK guys, before I spend too much time playing with all the options and
reading lengthy HOWTO's I'd like to know if someone can point me in the
right direction for this problem. My apologies if this is a newbie
question.

#The situation#
I have a client using RH Linux 6.2 with PAM 0.72 RPM loaded. They are
using this particular server as their Samba based print server. They have
been complaining for some time about "slow printing" and "waiting a long
time for the printers to respond". When I reviewed the /var/log/messages
file I see multiple entries similar to the following:

Apr  9 13:48:13 <servername> PAM_unix[771]: authentication failure; (uid=0) ->
<username> for samba service

I have upgraded their RedHat RPM's to the lastest available for PAM and
Samba both. ( PAM 0.72 and Samba 2.0.10 ). Listed below is the
/etc/pam.d/samba file (I modified it to "optional"):

auth    optional        /lib/security/pam_stack.so service=system-auth
account optional        /lib/security/pam_stack.so service=system-auth

and the /etc/pam.d/system-auth file which I'v modified slightly from the
original:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        sufficient    /lib/security/pam_unix.so try_first_pass
likeauth md5 shadow debug
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_deny.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so try_first_pass
use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_unix.so

I have verified that while they are waiting the "authentication failure"
entries are logged repeatedly until magically it works and the print
request is accepted. Once thing that they do here that is slightly
different from the norm is they have Samba set for "encrypt passwords = no" and the
appropriate registry modifications to their Win98 workstations. As this is
an internal only connected server, we aren't even that concerned with
authenticating print requests.

Suggestions? Or other files you need to see?

Jim Williams
jimw@linux-class.com






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []