[Samba] 2.2 authenticate against AD but no corresponding local user
Jeremy C. Reed
reed at reedmedia.net
Wed Jul 3 18:41:02 GMT 2002
My pam_ldap works for authenticating against Active Directory.
I want to use Samba 2.2 to allow printing if the user authenticates via
Active Directory even if the user doesn't have local account.
My problem with logs:
PAM is successful for authenticating via AD.
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_auth(534)
smb_pam_auth: PAM: User jdoe Authenticated OK
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_account(555)
smb_pam_account: PAM: Account Management for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_account(579)
smb_pam_account: PAM: Account OK for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_setcred(606)
PAM: Account Management SetCredentials for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_setcred(626)
smb_pam_setcred: PAM: SetCredentials OK for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_end(436)
smb_pam_end: PAM: PAM_END OK.
But then:
[2002/07/03 18:14:53, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
No such user jdoe [HOME] - using guest account
My guest account is nobody.
I did set:
obey pam restrictions = no
so it would ignore account or session management.
[2002/07/03 18:14:57, 2] passdb/pampass.c:smb_pam_auth(510)
smb_pam_auth: PAM: Athentication Error for user nobody
[2002/07/03 18:14:57, 2] passdb/pampass.c:smb_pam_error_handler(71)
smb_pam_error_handler: PAM: Authentication Failure : Authentication failure
(Does it really need to check password for this guest too?)
If I don't allow null passwords, I receive:
[2002/07/03 15:04:32, 4] smbd/password.c:password_ok(602)
Null passwords not allowed.
[2002/07/03 15:04:32, 2] smbd/service.c:make_connection(328)
Invalid username/password for jdoe [nobody]
Any suggestions, step-by-step instructions, links, howtos on getting old
2.2 to work with PAM authentication but then no UID (or other info) for
that user?
I understand that it will use a guest account.
In addition, I need the printer (lpr) to have the username (argument 5
or 6) to be set to the original AD username and not the guest account
(nobody).
Thanks,
Jeremy C. Reed
http://www.reedmedia.net/
More information about the samba
mailing list