[Pam-discuss] Apache mod_auth_pam, pam_smb

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

I just tried to authenticate Apache users against a Samba machine
combining mod_auth_pam (Apache) and pam_smb, but without much success.

My configuration:

---
/etc/pam.d/httpd
---
auth    required       pam_smb_auth.so debug
#auth    required        pam_unix.so
account required        pam_unix.so
session required        pam_unix.so

---
/etc/pam_smb.conf
---
DOMAIN
DC1
DC2

---
/etc/apache/access.conf
---
<Directory /var/www/geheim>
AllowOverride AuthConfig
</Directory>

---
/var/www/geheim/.htaccess
---
AuthPAM_Enabled on
AuthType Basic
AuthName "ganzgeheim"
require user webuser

The interesting part is, with wu-ftpd, everything is working fine. I do
not need to have a correct password for the user in /etc/shadow, if the
user exists in /etc/passwd and pam_smb finds her password in
/etc/samba/smbpasswd to be correct, it lets her in.

---
/etc/pam.d/wu-ftpd
---
#%PAM-1.0
auth    required pam_listfile.so item=3Duser sense=3Ddeny file=3D/etc/wu-=
ftpd/ftpuserd
auth    required pam_smb_auth.so debug
# auth    required pam_unix.so
auth    required pam_shells.so
account required pam_unix.so
session required pam_unix.so

My log files look like this when I try to access
http://server/geheim/

---
/var/log/auth.log
---
Feb 19 16:29:06 dc1 apache[17323]: pam_smb: Local UNIX username/password =
check incorrect.
Feb 19 16:29:06 dc1 apache[17323]: pam_smb: Configuration Data, Primary D=
C1, Backup DC2, Domain DOMAIN.
Feb 19 16:29:06 dc1 apache[17323]: pam_smb: Correct NT username/password =
pair

When I try to log in the same user via wu-ftpd, I get a successful login:

Feb 19 16:31:17 dc1 wu-ftpd[17425]: pam_smb: Local UNIX username/password=
 check incorrect.
Feb 19 16:31:17 dc1 wu-ftpd[17425]: pam_smb: Configuration Data, Primary =
DC1, Backup DC2, Domain DOMAIN.
Feb 19 16:31:17 dc1 wu-ftpd[17425]: pam_smb: Correct NT username/password=
 pair

---
/var/log/syslog
---
Feb 19 16:31:14 dc1 wu-ftpd[17425]: connect from localhost
Feb 19 16:31:17 dc1 wu-ftpd[17425]: FTP LOGIN FROM localhost [127.0.0.1],=
 webuser
Feb 19 16:31:18 dc1 wu-ftpd[17425]: FTP session closed

---
/var/log/apache/error.log
---
[Mon Feb 19 16:29:0e6 2001] [error] (13)Permission denied: access to /geh=
eim/ failed for 192.168.82.10, reason: Authentication service cannot retr=
ieve authentication info.

I am using Debian 2.2 (potato), Apache 1.3.9, Samba 2.0.7, and my apache
is running as www-data (at least the child processes).
It doesn't make a difference if the user's password is correct in
/etc/shadow.

Does anybody have a correct Apache/SMB authentication up and running?

Thanks for your help

Alex

-----
Jede neue Erkenntnis mu=DF zwei H=FCrden =FCberwinden: das Vorurteil der
"Fachleute", und die Beharrlichkeit eingeschliffener Denksysteme.=20

					Herophilus