[Samba] NSS/PAM LDAP Config
Craig White
craigwhite at azapple.com
Thu Jun 8 15:49:47 GMT 2006
If you enable the kde-redhat repo (kde-redhat.sourceforge.net), Rex's
repo has current samba and all you need to do is
yum upgrade
and it works perfectly. An added benefit is more recent KDE (if you use
kde) and more recent openoffice.org
Craig
On Thu, 2006-06-08 at 08:52 -0700, listserv.traffic at sloop.net wrote:
> I used the Sernet.de RPM's - they're compiled for RHEL 4, and only
> with minor errors they installed fine.
>
> -Greg
>
> > As a side note, I am running centos 4.3 on my boxes, and I think it comes
> > with samba 3.0.10. Where did you get your RPM for 3.0.22, or did you
> > compile it from source?
>
> > Sam Adams
> > General Dynamics - Network Systems
> > Phone: 210.536.5945
>
> > -----Original Message-----
> > From: samba-bounces+samuel.adams.ctr=brooks.af.mil at lists.samba.org
> > [mailto:samba-bounces+samuel.adams.ctr=brooks.af.mil at lists.samba.org] On
> > Behalf Of listserv.traffic at sloop.net
> > Sent: Wednesday, June 07, 2006 4:48 PM
> > To: samba
> > Subject: [Samba] NSS/PAM LDAP Config
>
> > Ok, I've been literally throwing things in my effort to fix this.
> > Please help me from damaging something valueable! :)
>
> > I've installed Samba 3.0.22 and OpenLDAP etc.
>
> > I've used the IDEALX scripts to create the LDAP tree etc.
> > Everything goes swimmingly until I try to check and see if NSS/PAM is
> > working right.
>
> > I use the following command as shown in SBE to check NSS/PAM working.
> > getent passwd | grep root
> > getent group | grep Domain
>
> > These aren't working as they should.
>
> > I'm using CentOS 4.3 and I've used authconfig as the IDEALX scripts
> > say, and thus I have the following system-auth config in /etc/pam.d/
>
> > ---
> > #%PAM-1.0
> > # This file is auto-generated.
> > # User changes will be destroyed the next time authconfig is run.
> > auth required /lib/security/$ISA/pam_env.so
> > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> > auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> > auth required /lib/security/$ISA/pam_deny.so
>
> > account required /lib/security/$ISA/pam_unix.so broken_shadow
> > account sufficient /lib/security/$ISA/pam_localuser.so
> > account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
> > quiet
> > account [default=bad success=ok user_unknown=ignore]
> > /lib/security/$ISA/pam_ldap.so
> > account required /lib/security/$ISA/pam_permit.so
>
> > password requisite /lib/security/$ISA/pam_cracklib.so retry=3
> > password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok
> > md5 shadow
> > password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> > password required /lib/security/$ISA/pam_deny.so
>
> > session required /lib/security/$ISA/pam_limits.so
> > session required /lib/security/$ISA/pam_unix.so
> > session optional /lib/security/$ISA/pam_ldap.so
> > ---
>
> > But that doesn't seem to work.
>
> > PAM is a total mystery to me, and I have absolutely no idea how to
> > really configure it by hand, provided the above isn't correct.
>
> > Is there a good how-to on PAM somewhere I can read?
> > I've done a number of searches, and some of those, as well as the SBE
> > example show hand-editing the files in pam.d - like login, sshd,
> > samba, and passwd.
>
> > In desperation, I've done that too, and no joy.
>
> > Can some kind soul please give me a hand here?
>
> > TIA
> > -Greg
>
>
>
>
>
> --
> Best regards,
> listserv mailto:listserv.traffic at sloop.net
>
More information about the samba
mailing list