Red Hat Bugzilla – Bug 422721
Password change fails with samba pam module
Last modified: 2014-04-07 06:59:22 EDT
Description of problem:
Trying to change passwords while using pam fail because of bad pam.d/samba file
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install samba-3.0.25b-1.el4_6.2
2. set "pam password change = yes"
3. Try to change windows password
Changing password fails
Password change successful
On previous version (and future rhel5 version) then pam.d/samba file contained:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
The current version only contains:
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
If you set the pam.d/samba back to the previous version then passwords are
allowed to be changed again.
On 64 bit RHEL4 systems, Samba authentication by 64 bit apps via PAM is
completely broken, as pam.d/samba points to the 32 bit shared library directory
only. You need to remove the /lib/security path from the entries.
There are already multiple bugs open about the library path being incorrect.
This bug deals with the fact that there are sections of the pam file that are
missing. Even if the paths are corrected the password change problem would
exist on both 32 and 64 bit.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.