PAM and LDAP

Jeff Williams jeff at dacc.cc.il.us
Fri Apr 27 16:30:39 GMT 2001


I have compiled and installed SAMBA 2.2.0 on a Red Hat 6.2 box.  SAMBA
was configured with the --with-pam option.  I have the nss_ldap package
installed.

My goal is to use this SAMBA server as a PDC, and have it use PAM to
authenticate to our existing LDAP server (which already does
authentication for the E-mail system).  On this same Red Hat / SAMBA
box, I have for many months had a RADIUS daemon successfully
authenticating dialup users to that same LDAP server via PAM.

However, with SAMBA, I'm unable to get smbclient to authenticate
successfully, except with usernames and passwords that exist on the
local Red Hat server -- for those, it works fine.  This is what
/etc/pam.d/samba contains (this file came with nss_ldap):

#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so

The SMB log says "Couldn't find user <username>", as if it isn't
checking the LDAP server, only the local user database.

I'm sure I'm missing something simple, but does anyone have any
pointers?  Thanks!

--

Jefferson Davis Williams
Director of Computer and Network Services
Danville Area Community College
2000 East Main Street
Danville, IL  61832
217.443.8871





