[Samba] Samba+Ldap problems

dogbert at infinito.it dogbert at infinito.it
Wed Jun 3 09:26:50 GMT 2009


I'm trying to troubleshoot my previous problem from the basics.

I have a box set up with Ubuntu, samba and ldap. I have a lot of problems with
user authentication.
I'm checking if LDAP and PAM are working together. I've added a user to ldap
with the smbldap-useradd command (as posix account) and I'm trying to use it to
log in via ssh. This user cannot authenticate.
Here is the result from auth.log and some configuration files:

Jun  3 11:02:37 localserver sshd[27372]: Invalid user testmio from 192.168.10.1
Jun  3 11:02:37 localserver sshd[27372]: Failed none for invalid user testmio from 192.168.10.1 port 44352 ssh2
Jun  3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): check pass; user unknown
Jun  3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=remoteclient.domain.it
Jun  3 11:02:39 localserver sshd[27372]: pam_ldap: error trying to bind as user "uid=testmio,ou=Users,dc=domain,dc=it" (Invalid credentials)
Jun  3 11:02:41 localserver sshd[27372]: Failed password for invalid user testmio from 192.168.10.1 port 44352 ssh2

If I use the command "getent passwd" I obtain only the accounts present in
the /etc/passwd file and none of those included in ldap.

/etc/pam.conf is empty

# /etc/pam.d/samba
@include common-auth
@include common-account
@include common-session


# /etc/pam.d/login
auth requisite pam_securetty.so
auth requisite pam_nologin.so
session required pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session required pam_selinux.so open


# /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

ldap.conf contains the following directives:
nss_base_passwd        ou=Users,dc=domain,dc=it?one
nss_base_passwd        ou=Computers,dc=domain,dc=it?one
nss_base_shadow        ou=Users,dc=domain,dc=it?one
nss_base_group         ou=Groups,dc=domain,dc=it?one
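
Added example, not part of the original post: a small Python triage script that groups the sshd lines quoted above by PID and records which layer reported each failure (sshd's account lookup, pam_unix, or the pam_ldap bind). The stage labels and function names are this example's own, and the sample input is the post's log excerpt with the mail line-wraps rejoined.

```python
import re
from collections import defaultdict

# Constructed input: the auth.log lines from the post, mail line-wraps rejoined.
SAMPLE = """\
Jun  3 11:02:37 localserver sshd[27372]: Invalid user testmio from 192.168.10.1
Jun  3 11:02:37 localserver sshd[27372]: Failed none for invalid user testmio from 192.168.10.1 port 44352 ssh2
Jun  3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): check pass; user unknown
Jun  3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=remoteclient.domain.it
Jun  3 11:02:39 localserver sshd[27372]: pam_ldap: error trying to bind as user "uid=testmio,ou=Users,dc=domain,dc=it" (Invalid credentials)
Jun  3 11:02:41 localserver sshd[27372]: Failed password for invalid user testmio from 192.168.10.1 port 44352 ssh2
"""

SSHD = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Stage labels are this example's own naming, not sshd or PAM terminology.
RULES = [
    ("nss_lookup_failed", re.compile(r"^Invalid user (?P<user>\S+) from (?P<src>\S+)")),
    ("pam_unix_user_unknown", re.compile(r"^pam_unix\(sshd:auth\): check pass; user unknown")),
    ("ldap_bind_rejected", re.compile(r'^pam_ldap: error trying to bind as user "(?P<dn>[^"]+)" \((?P<reason>[^)]*)\)')),
]

def classify(log_text):
    """Group sshd lines by PID and record which stage of the login failed."""
    sessions = defaultdict(lambda: {"stages": [], "fields": {}})
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue  # not an sshd line
        session = sessions[m["pid"]]
        for stage, rx in RULES:
            hit = rx.search(m["msg"])
            if hit:
                if stage not in session["stages"]:
                    session["stages"].append(stage)
                session["fields"].update(hit.groupdict())
    return dict(sessions)

def summarize(session):
    f = session["fields"]
    parts = []
    if "nss_lookup_failed" in session["stages"]:
        parts.append(f"name lookup failed for {f['user']} from {f['src']}")
    if "ldap_bind_rejected" in session["stages"]:
        parts.append(f"LDAP bind as {f['dn']} rejected ({f['reason']})")
    return "; ".join(parts) or "no known failure pattern"

if __name__ == "__main__":
    for pid, session in classify(SAMPLE).items():
        print(pid, summarize(session))
```

Separating the two findings matters when reading such logs: "Invalid user" is logged by sshd when the account name does not resolve at all, while the pam_ldap line is a separate rejection of the bind by the directory server.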





