Re: [Samba] samba ldap and pam without -with-ldapsam option
Jürgen Hötzel
hoetzel at cyperfection.de
Mon May 12 16:02:07 GMT 2003
Hi,
PAM's auth section is always ignored when using
"encrypt passwords = Yes". But you can still use
the account and session sections when you set
"obey pam restrictions = Yes".
Jürgen
> -----Original Message-----
> From: samba-bounces+hoetzel=cyperfection.de at lists.samba.org
> [mailto:samba-bounces+hoetzel=cyperfection.de at lists.samba.org]
> On Behalf Of jtournier at idealx.com
> Sent: Monday, 12 May 2003 17:46
> To: samba at lists.samba.org
> Subject: [Samba] samba ldap and pam without -with-ldapsam option
>
>
> Hello,
> I have two questions about PAM and LDAP:
> I want to set up a samba-ldap PDC. I first installed a samba
> compiled with the --with-ldapsam option. I set up a directory
> with users and samba
> attributes:
> everything works fine.
> Now, I want to set up an equivalent architecture, but with
> the PAM support. In the man pages, I can read that I need
> > obey pam restrictions = Yes
> which implies the directive
> > encrypt passwords = No
>
> I also have
> > security = user
> > unix password sync = Yes
> > domain logons = Yes
> > os level = 65
> > preferred master = Yes
> > domain master = Yes
>
> and my /etc/pam.d/samba contains
> > #%PAM-1.0
> > auth sufficient /lib/security/pam_ldap.so
> > auth required /lib/security/pam_unix_auth.so try_first_pass
> > account sufficient /lib/security/pam_ldap.so
> > account required /lib/security/pam_unix_acct.so
>
> But I can't mount any volume, I can't join a Windows client
> to the domain...: I always get the error message "session
> setup failed: NT_STATUS_ACCESS_DENIED".
>
> So, are my configuration lines correct? Why can I find in
> lots of example configuration files the two lines "obey pam
> restrictions = Yes" and "encrypt passwords = Yes"?
>
> Can the PAM support retrieve the value of the attributes
> defined in the directory (logon script, logon path ...) or
> can samba and PAM just act as the authentication service? If
> it can't, is --with-ldapsam the only solution to
> solve my problems? Thanks a lot
> --
> Jérôme
>
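
As an added example (not part of either message and not Samba's own code): a small Python check of which PAM management groups smbd consults under the rule stated in the reply, run over a constructed smb.conf and the /etc/pam.d/samba from the question. It assumes a PAM-enabled build, simple one-word PAM controls, and treats an unset "encrypt passwords" as No (the default differs between Samba versions); all function names are hypothetical.

```python
TRUE = {"yes", "true", "1"}

def smb_globals(text):
    """[global] parameters; names lowercased with whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip().lower()
    return params

def pam_rules(text):
    """(type, module basename) per rule; assumes simple one-word controls."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0].lower(), fields[2].rsplit("/", 1)[-1]))
    return rules

def effective_pam(smb_conf, pam_conf, encrypt_default=False):
    """Map PAM type -> (consulted by smbd?, modules configured for it)."""
    g = smb_globals(smb_conf)
    # Assumption: an unset "encrypt passwords" falls back to encrypt_default.
    encrypted = g["encryptpasswords"] in TRUE if "encryptpasswords" in g else encrypt_default
    obey = g.get("obeypamrestrictions", "no") in TRUE
    # Rule from the reply: auth is skipped with encrypted passwords;
    # account and session apply only with "obey pam restrictions = Yes".
    consulted = {"auth": not encrypted, "account": obey, "session": obey}
    return {t: (used, [m for typ, m in pam_rules(pam_conf) if typ == t])
            for t, used in consulted.items()}

# Constructed smb.conf using the two settings discussed in the thread.
SMB_CONF = """[global]
   security = user
   encrypt passwords = Yes
   obey pam restrictions = Yes
"""
# PAM service file as posted in the question.
PAM_CONF = """#%PAM-1.0
auth     sufficient /lib/security/pam_ldap.so
auth     required   /lib/security/pam_unix_auth.so try_first_pass
account  sufficient /lib/security/pam_ldap.so
account  required   /lib/security/pam_unix_acct.so
"""

if __name__ == "__main__":
    for pam_type, (used, modules) in effective_pam(SMB_CONF, PAM_CONF).items():
        print(f"{pam_type:8} {'consulted' if used else 'ignored':10} {modules}")
```

With both settings at Yes, the two auth rules are reported as ignored, the account rules as consulted, and the session group as consulted but empty.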