[Samba] Samba + LDAP problem...
Collins, Kevin
KCollins at nesbittengineering.com
Fri Jun 13 18:30:06 GMT 2003
On Friday, June 13, 2003 1:44 PM, Bruno Gimenes Pereti wrote:
> Hi Kevin,
Hi Bruno, and thanks for responding...
>
> > Below are some files that I think are pertinent. The
> > /etc/openldap/ldap.conf, /etc/openldap/slapd.conf, /etc/samba/smb.conf, the
> > base.ldif that is from the IDEALX.org HOWTO.
> >
> > I'm hoping that someone with much more experience than me will be able to
> > help me.
>
> I'm not so experienced, but I think you forgot one thing. Do
> you have this:
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> in your /etc/nsswitch.conf and this:
>
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok
> auth sufficient use_first_pass
> auth required /lib/security/pam_deny.so
> account sufficient /lib/security/pam_ldap.so
> account required /lib/security/pam_unix.so
> password required /lib/security/pam_cracklib.so retry=3
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/pam_ldap.so
> password required /lib/security/pam_deny.so
> session required /lib/security/pam_limits.so
> session sufficient /lib/security/pam_ldap.so
> session required /lib/security/pam_unix.so
>
> in /etc/pam.d/system-auth?
>
> In redhat you can do this with authconfig.
>
I did have these set, as I used 'authconfig' to generate the PAM/LDAP
integration.
What I didn't have (but do now) are some settings in /etc/ldap.conf. Those
that look like nss_base_passwd, nss_base_shadow, and nss_base_group or very
similar. I have those set now, and the error message that I'm getting is
different.
On the Windows 2000 machine when I join the domain, I get:
"The account used is a computer account. Use your global user account, or
local user account to access this server."
It almost sounds like the "administrator" account is misconfigured and is
appearing to Windows as a computer account instead of a user account. Have
you heard of this happening before?
I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the
"administrator" account after I had LDAP up and running.
Thanks again for your input.
--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.