From: Alexander L. <ale...@sb...> - 2001-02-19 15:40:46
|
Hello, I just tried to authenticate Apache users against a Samba machine combining mod_auth_pam (Apache) and pam_smb, but without much success. My configuration: --- /etc/pam.d/httpd --- auth required pam_smb_auth.so debug #auth required pam_unix.so account required pam_unix.so session required pam_unix.so --- /etc/pam_smb.conf --- DOMAIN DC1 DC2 --- /etc/apache/access.conf --- <Directory /var/www/geheim> AllowOverride AuthConfig </Directory> --- /var/www/geheim/.htaccess --- AuthPAM_Enabled on AuthType Basic AuthName "ganzgeheim" require user webuser The interesting part is, with wu-ftpd, everything is working fine. I do not need to have a correct password for the user in /etc/shadow, if the user exists in /etc/passwd and pam_smb finds her password in /etc/samba/smbpasswd to be correct, it lets her in. --- /etc/pam.d/wu-ftpd --- #%PAM-1.0 auth required pam_listfile.so item=3Duser sense=3Ddeny file=3D/etc/wu-= ftpd/ftpuserd auth required pam_smb_auth.so debug # auth required pam_unix.so auth required pam_shells.so account required pam_unix.so session required pam_unix.so My log files look like this when I try to access http://server/geheim/ --- /var/log/auth.log --- Feb 19 16:29:06 dc1 apache[17323]: pam_smb: Local UNIX username/password = check incorrect. Feb 19 16:29:06 dc1 apache[17323]: pam_smb: Configuration Data, Primary D= C1, Backup DC2, Domain DOMAIN. Feb 19 16:29:06 dc1 apache[17323]: pam_smb: Correct NT username/password = pair When I try to log in the same user via wu-ftpd, I get a successful login: Feb 19 16:31:17 dc1 wu-ftpd[17425]: pam_smb: Local UNIX username/password= check incorrect. Feb 19 16:31:17 dc1 wu-ftpd[17425]: pam_smb: Configuration Data, Primary = DC1, Backup DC2, Domain DOMAIN. Feb 19 16:31:17 dc1 wu-ftpd[17425]: pam_smb: Correct NT username/password= pair --- /var/log/syslog --- Feb 19 16:31:14 dc1 wu-ftpd[17425]: connect from localhost Feb 19 16:31:17 dc1 wu-ftpd[17425]: FTP LOGIN FROM localhost [127.0.0.1],= webuser Feb 19 16:31:18 dc1 wu-ftpd[17425]: FTP session closed --- /var/log/apache/error.log --- [Mon Feb 19 16:29:0e6 2001] [error] (13)Permission denied: access to /geh= eim/ failed for 192.168.82.10, reason: Authentication service cannot retr= ieve authentication info. I am using Debian 2.2 (potato), Apache 1.3.9, Samba 2.0.7, and my apache is running as www-data (at least the child processes). It doesn't make a difference if the user's password is correct in /etc/shadow. Does anybody have a correct Apache/SMB authentication up and running? Thanks for your help Alex ----- Jede neue Erkenntnis mu=DF zwei H=FCrden =FCberwinden: das Vorurteil der "Fachleute", und die Beharrlichkeit eingeschliffener Denksysteme.=20 Herophilus |