Created attachment 948482 [details] Samba Configuration File I am trying to setup samba between my Fedora 20 machines, but each of them is rejecting my user login. I am attaching log and config file. Firewall and SELinux has been configured appropriately. I have also tried flushing iptables and disabled SELinux, just to make sure that one of those two was not the problem.
Created attachment 948483 [details] Samba Log File
Thank you for taking the time and report a bug. I'm sorry but the provided information are insufficient. Please read https://www.samba.org/~asn/reporting_samba_bugs.txt and provide more details.
Sorry I forgot about this report. I did manage to locate the issue. After I disabled PAM Restrictions, I had no problem logging in via SMB. So I checked the PAM settings and found that /etc/pam.d/samba was missing. I created one with default content and got it working with PAM enabled. So what you need, is to add the missing PAM file to your samba package. /etc/pam.d/samba ---------------- #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session include system-auth
Also the log that I did provide, is actually quite informative about this problem, which is the reason why I tried with PAM disabled. "PAM: Account Validation Failed"
I never needed to create such a file to connect to a samba share as a user. Something seems to be wrong with your configuration ...
In that case you most likely do not have PAM enabled. PAM is an authentication module that needs to have specific information about the process trying to use it. No information means no access. So when samba sends the authentication to pam, and pam can't find a file for samba, it returns "authentication rejected" back to samba which in turn refuses to log in. Just check your own config and see if you have "obey pam restrictions = yes" in the "[global]" section of your /etc/samba/smb.conf. If this is missing or if this is set to "no", then that is the reason why you do not have any problems.
In your smb.conf you have obey pam restrictions = yes this means Samba will have to do PAM account management and that requires PAM configuration file.
I know this, that is what I was saying before. Which is why the samba package for fedora should be packed with such file, in order to allow people to use pam authentication.
We just made the same comment at roughly same time. I agree we need to add /etc/pam.d/samba.
Sounds great. It's easy enough to add manually, but it seams foolish not to have it in the package. I have seen countless of forum threads with this particular issue due to this missing file.
The documentation states: Note that Samba always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption. Your config file has: encrypt passwords = yes So it should ignore PAM restrictions.
(In reply to Andreas Schneider from comment #11) > The documentation states: > > Note that Samba always ignores PAM for authentication in the case of encrypt > passwords = yes. The reason is that PAM modules cannot support the > challenge/response authentication mechanism needed in the presence of SMB > password encryption. > > Your config file has: encrypt passwords = yes > > > So it should ignore PAM restrictions. Andreas, we generally ignore the PAM auth stack, but we still run through the account and session stacks if 'obey pam restrictions' is set to yes. We must have forgot to bring over the samba pam file from the 3.x packaging, as I am sure we had one back then. Please add the file in the server's subpackage.
This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.