Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 79139 - obey pam restrictions does not work by default
obey pam restrictions does not work by default
Product: Red Hat Linux
Classification: Retired
Component: samba (Show other bugs)
i686 Linux
medium Severity low
: ---
: ---
Assigned To: Jay Fenlason
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2002-12-06 01:12 EST by John Newbigin
Modified: 2014-08-31 19:24 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-05-17 15:30:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Newbigin 2002-12-06 01:12:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130

Description of problem:
obey pam restrictions = Yes
does not work with the shipped version of /etc/pam.d/samba
The file needs a session line to make it work

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. edit /etc/samba/smb.conf and set obey pam restrictions = Yes 
2. use smbclient (or anything else) to try and connect to the samba server

Actual Results:  This error is recorded in %m.log
[2002/12/06 15:36:05, 0] passdb/pampass.c:smb_pam_error_handler(72)
  smb_pam_error_handler: PAM: session setup failed : System error

Expected Results:  No errors.

Additional info:

session required        /lib/security/pam_stack.so service=system-auth

to /etc/pam.d/samba will solve the problem.

I don't know if this is still a problem in 7.3 or 8.0 but I though I would add a
bug report to help anyone else who might come across the problem.

I am using encrypt passwords = Yes but I don't think that will make any difference.

Note You need to log in before you can comment on or make changes to this bug.