Re: [Samba] samba ldap and pam without -with-ldapsam option

Jürgen Hötzel hoetzel at cyperfection.de
Mon May 12 16:02:07 GMT 2003


Hi,

PAM's auth sections are always ignored when using 
"encrypt passwords = Yes". But you can still use 
the account and session sections when you set 
"obey pam restrictions = Yes".

Jürgen

> -----Original Message-----
> From: samba-bounces+hoetzel=cyperfection.de at lists.samba.org 
> [mailto:samba-bounces+hoetzel=cyperfection.de at lists.samba.org]
>  On behalf of jtournier at idealx.com
> Sent: Monday, 12 May 2003 17:46
> To: samba at lists.samba.org
> Subject: [Samba] samba ldap and pam without -with-ldapsam option
> 
> 
> Hello,
> I have two questions about PAM and LDAP:
> I want to set up a Samba-LDAP PDC. I first installed a Samba 
> compiled with the --with-ldapsam option. I set up a directory 
> with users and Samba
> attributes:
> everything works fine.
> Now, I want to set up an equivalent architecture, but with 
> the PAM support. In the man pages, I can read that I need
> > obey pam restrictions = Yes
> which implies the directive
> > encrypt passwords = No
> 
> I also have
> > security = user
> > unix password sync = Yes
> > domain logons = Yes
> > os level = 65
> > preferred master = Yes
> > domain master = Yes
> 
> and my /etc/pam.d/samba contains
> > #%PAM-1.0
> > auth       sufficient   /lib/security/pam_ldap.so
> > auth       required     /lib/security/pam_unix_auth.so try_first_pass
> > account    sufficient   /lib/security/pam_ldap.so
> > account    required     /lib/security/pam_unix_acct.so
> 
> But I can't mount any volume, I can't join a Windows client 
> to the domain...: I always get the error message "session 
> setup failed: NT_STATUS_ACCESS_DENIED".
> 
> So, are my configuration lines correct? Why can I find in 
> lots of example configuration files the two lines "obey pam 
> restrictions = Yes" and "encrypt passwords = Yes"?
> 
> Can the PAM support retrieve the value of the attributes 
> defined in the directory (logon script, logon path ...) or 
> can Samba and PAM just act as the authentication service? If 
> it can't, is --with-ldapsam the only solution to 
> solve my problems? Thanks a lot
> --
> Jérôme
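
An added illustration of the rule stated in the reply above, not part of the original thread and not Samba code: a small checker that reads an smb.conf `[global]` section and a PAM service file and reports which PAM rules smbd would consult. The function names, the sample inputs (constructed from the settings quoted in the thread) and the fallback values for unset parameters are assumptions; defaults differ between Samba versions, so set both parameters explicitly.

```python
import configparser
# Constructed sample inputs modelled on the settings quoted in this thread.
SMB_CONF = """\
[global]
security = user
encrypt passwords = Yes
obey pam restrictions = Yes
"""
PAM_SERVICE = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
"""

def consulted_groups(smb_conf, encrypt_default=False, obey_default=False):
    """PAM groups smbd consults; the *_default fallbacks are assumptions."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("\n".join(l.strip() for l in smb_conf.splitlines()))
    g = cp["global"]
    groups = set()
    # With encrypted passwords the server never sees a cleartext password
    # to hand to PAM, so the auth rules are skipped.
    if not g.getboolean("encrypt passwords", fallback=encrypt_default):
        groups.add("auth")
    if g.getboolean("obey pam restrictions", fallback=obey_default):
        groups.update({"account", "session"})
    return groups

def audit(smb_conf, pam_service):
    """Split PAM rules into consulted/ignored; list consulted groups with no rule."""
    active = consulted_groups(smb_conf)
    report = {"consulted": [], "ignored": [], "empty": []}
    seen = set()
    for n, line in enumerate(pam_service.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # comment, blank or malformed line
        group = fields[0].lower()
        if group not in ("auth", "account", "session"):
            continue  # e.g. "password" rules are not assessed here
        seen.add(group)
        key = "consulted" if group in active else "ignored"
        report[key].append((n, group, fields[2]))
    report["empty"] = sorted(active - seen)
    return report

if __name__ == "__main__":
    print(audit(SMB_CONF, PAM_SERVICE))
```

For the sample input the two `auth` rules land under `ignored` and `session` under `empty`, meaning the group is consulted but the service file defines no rule for it.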