Description of problem: Incorrent /etc/pam.d/samba caused authentication failure Version-Release number of selected component (if applicable): [hurtta@amanda pam.d]$ cat /etc/redhat-release Red Hat Enterprise Linux ES release 4 (Nahant Update 6) [hurtta@amanda pam.d]$ rpm -qa samba samba-3.0.25b-1.el4_6.2 [hurtta@amanda pam.d]$ ------------------------------------------------------------------------ Samba was updated from [root@amanda ~]# rpm -qa '*samba*' samba-3.0.10-1.4E.12.2 samba-common-3.0.10-1.4E.12.2 to (via up2date) Name Version Rel ---------------------------------------------------------- samba 3.0.25b 1.el4_6.2 x86_64 samba-common 3.0.25b 1.el4_6.2 x86_64 ------------------------- On new version there was error [2007/11/19 15:15:23, 0, pid=3007, effective(0, 0), real(0, 0)] auth/pampass.c:smb_pam_account(572) smb_pam_account: PAM: UNKNOWN PAM ERROR (28) during Account Management for User: hurtta This error occured when on config was obey pam restrictions = yes syslog reported: Nov 22 16:19:10 amanda smbd[12945]: PAM unable to dlopen(/lib/security/pam_stack.so) Nov 22 16:19:10 amanda smbd[12945]: PAM [dlerror: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory] Nov 22 16:19:10 amanda smbd[12945]: PAM adding faulty module: /lib/security/pam_stack.so On that machine modules are not on /lib/security !! [hurtta@amanda pam.d]$ ls -la /lib/security/ total 16 drwxr-xr-x 2 root root 4096 Sep 7 12:23 . drwxr-xr-x 10 root root 4096 Nov 23 04:02 .. [hurtta@amanda pam.d]$ ls -la /lib64/security/ total 2800 drwxr-xr-x 3 root root 4096 Nov 23 04:02 . drwxr-xr-x 7 root root 4096 Nov 25 04:02 .. -rwxr-xr-x 1 root root 19104 Sep 7 12:23 pam_access.so -rwxr-xr-x 1 root root 19992 Aug 22 2006 pam_ccreds.so samba packageg includes following pam config [hurtta@amanda pam.d]$ cat samba auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth [hurtta@amanda pam.d]$ However just removing /lib/security/ from that file resulted new error Nov 22 16:49:26 amanda smbd[24020]: [2007/11/22 16:49:26, 0, pid=24020, effective(0, 0), real(0, 0)] auth/pampass.c:smb_pam_error_handler(73) Nov 22 16:49:26 amanda smbd[24020]: smb_pam_error_handler: PAM: session setup failed : System error There was misisng 'session' on samba -file. Working /etc/pam.d/samba is [hurtta@amanda pam.d]$ cat /etc/pam.d/samba auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth [hurtta@amanda pam.d]$ / Kari Hurtta
Thanks for the report, I will make sure this is fixed in the next release.
*** Bug 415611 has been marked as a duplicate of this bug. ***
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
I can confirm this error and it is killing us. Over several iterations of RHEL 4 updates, I have never had this problem. The latest update has caused this. I have checked the selinux contexts and made sure everything is correct. What's puzzling is that the dlopen file is there with right contexts etc. I too tried removing the absolute path, and even sticking in the /lib64 prefix instead of /lib. Same problem. My machine is a Dell poweredge 1950 x86_64 2.6.9-67.ELsmp #1 SMP Wed Nov 7 13:56:44 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
Well, I was fuming (after several hours of futile tries) and so I just now noticed Karl's suggestion. That works for me too. Thanks.
Created attachment 291391 [details] Working /etc/pam.d/samba
Created attachment 291392 [details] /etc/pam.d/samba patch to make it work
For me on an i386 system, adding the mission "session" line to /etc/pam.d/samba made authentication work again. The absolute paths didn't matter, so I kept them.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0711.html