Comment # 5 on bug 1220032 from Unger 
(In reply to Noel Power from comment #4)
> (In reply to Noel Power from comment #3)
> > (In reply to Unger from comment #2)
> > >  (In reply to Noel Power from comment #1)
> > > > (In reply to Unger from comment #0)
> > > > > Hi,
> > > > > 
> > > > > After an update of a bunch of packages last week, it wasn't possible to log
> > > > > in to / access samba from windows or via smbclient. In log I found:   
> > > > > 
> > > > > smbd[3096]: pam_unix(samba:account): helper binary execve failed: Keine
> > > > > Berechtigung
> > > > > nscd[836]: Prüfe auf überwachte Datei »/etc/nsswitch.conf«: Datei oder
> > > > > Verzeichnis nicht gefunden
> > > > 
> > > > according to google translate this message is saying /etc/nsswitch.conf is
> > > > missing so no surprise authentication isn't working
> > > > 
> > > > were you doing something else that might have resulted in this file getting
> > > > deleted ? (or moved)
> > > > 
> > > > can you verify nsswitch.conf exists ?
> > > 
> > > Ok, I can confirm that there was never a /etc/nsswitch.conf since start of
> > > the journal in October 2023, so it was a bit misleading. 
> > erm I can't see how this can be, /etc/nsswitch.conf is a core file it is
> > part of glibc is should be there, unless I am mistaken if not something is
> > really wrong
> ok, it seems that server installs apparently don't install
> /etc/nsswitch.conf anymore (although in the vm I installed to check this it
> did) nscd apparently has a bug against it for spitting out these errors. So
> yes, probably a red herring
> 
> 
> > 
> > > Nevertheless samba worked until 2024 Feb 14 9am. At approx. 9:10 I had a
> > > huge upgrade (>1000 packages) and afterwards it was broken. 
> > > 
> > > While browsing through the logs I found the following lines right before it
> > > stopped working properly: 
> > > 
> > > Feb 14 09:25:25 MYHOST smbd[28626]: PAM unable to
> > > dlopen(/usr/lib64/security/pam_systemd.so): /lib64/libm.so.6: version
> > > `GLIBC_2.39' not found (required by /usr/lib64/security/pam_systemd.so)
> > > Feb 14 09:25:25 MYHOST smbd[28626]: PAM adding faulty module:
> > > /usr/lib64/security/pam_systemd.so
> >  
> > really looks like there is some problem with authentication related
> > components on this system and their required version of glibc versus what is
> > installed. Looks likely that something went very wrong during your upgrade
> 
> but those errors indeed to look like they indicating some package
> broken-ness. Question is what errors do you see in samba logs and journal
> when trying to authenticate say with smbclient. Also smb.conf would be
> helpful. Meanwhile I will try a fresh install again (just to see why I seem
> to have a /etc/nsswitch.conf)
This is the smb.conf that worked 2 weeks ago:
[global]
        workgroup = WORKGROUP
        netbios name = BilderKeller
        server string = %h
        min protocol = SMB2
        client min protocol = SMB2
        security = user
        log file = /var/log/samba/log.%m
        max log size = 1000
        logging = file
        server role = standalone server
        obey pam restrictions = yes
        map to guest = bad user
        usershare allow guests = No
        ldap admin dn =
        passdb backend = smbpasswd
        wins support = Yes
[Bilder]
        comment = needs username and password to access
        path = /srv/samba/private/
        browseable = yes
        guest ok = no
        writable = yes
        valid users = @samba
[scanner]
        comment = place for scans
        path = /srv/samba/private/scan
        browseable = yes
        guest ok = no
        writable = yes
        valid users = @samba,hp-scan

Now I removed the following lines:

        client min protocol = SMB2       - seems to be outdated since 4.15 acc.
to
https://wiki.samba.org/index.php/Samba_Features_added/changed#smb.conf_changes_6
        obey pam restrictions = yes      - just a try 
        ldap admin dn =                  - I don't know why I put it there, so
removed 

Now it works again, but it would be nice to have more detailed information in
the log-files. 

From the log files for my computer before I changed the config:

[2024/02/25 16:05:19.010811,  0]
../../source3/auth/pampass.c:592(smb_pam_account)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for
User: REDACTED
[2024/02/25 16:05:19.010867,  0]
../../source3/auth/pampass.c:800(smb_pam_accountcheck)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
REDACTED!

You are receiving this mail because: