422721 – Password change fails with samba pam module

Bug 422721 - Password change fails with samba pam module

Summary: Password change fails with samba pam module

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	4.6
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Simo Sorce
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1084943
TreeView+	depends on / blocked

Reported:	2007-12-13 00:59 UTC by Shad L. Lords
Modified:	2018-10-19 22:04 UTC (History)
CC List:	3 users (show)
Fixed In Version:	RHBA-2008-0711
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1084943 (view as bug list)
Environment:
Last Closed:	2008-07-24 19:54:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2008:0711	0	normal	SHIPPED_LIVE	samba bug fix and enhancement update	2008-07-23 16:22:02 UTC

Description Shad L. Lords 2007-12-13 00:59:21 UTC

Description of problem:

Trying to change passwords while using pam fail because of bad pam.d/samba file

Version-Release number of selected component (if applicable):

samba-3.0.25b-1.el4_6.2

How reproducible:

Always

Steps to Reproduce:
1. Install samba-3.0.25b-1.el4_6.2
2. set "pam password change = yes"
3. Try to change windows password
  
Actual results:

Changing password fails

Expected results:

Password change successful

Additional info:

On previous version (and future rhel5 version) then pam.d/samba file contained:

#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

The current version only contains:

auth    required        /lib/security/pam_stack.so service=system-auth
account required        /lib/security/pam_stack.so service=system-auth

If you set the pam.d/samba back to the previous version then passwords are
allowed to be changed again.

Comment 1 Scott Bambrough 2007-12-19 00:16:07 UTC

On 64 bit RHEL4 systems, Samba authentication by 64 bit apps via PAM is
completely broken, as pam.d/samba points to the 32 bit shared library directory
only.  You need to remove the /lib/security path from the entries.

Comment 2 Shad L. Lords 2007-12-19 14:42:29 UTC

There are already multiple bugs open about the library path being incorrect. 
This bug deals with the fact that there are sections of the pam file that are
missing.  Even if the paths are corrected the password change problem would
exist on both 32 and 64 bit.

Comment 3 RHEL Program Management 2008-02-14 21:38:16 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 8 errata-xmlrpc 2008-07-24 19:54:18 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0711.html

Note You need to log in before you can comment on or make changes to this bug.