[Samba] A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Tomasz Chmielewski
mangoo at mch.one.pl
Thu Nov 25 19:47:22 GMT 2004
Robert Silvia wrote:
> Here's my configuration:
>
>
> My system auth looks like:
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok
> auth sufficient /lib/security/pam_ldap.so use_first_pass
> auth required /lib/security/pam_deny.so
>
> account required /lib/security/pam_unix.so
> account sufficient /lib/security/pam_ldap.so
>
> password required /lib/security/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/pam_ldap.so use_authtok
> password required /lib/security/pam_deny.so
>
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so
> session optional /lib/security/pam_ldap.so
>
> My /etc/ldap.conf is setup as (world readable):
> base dc=pds-support,dc=net
> rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net
> nss_base_passwd dc=pds-support,dc=net?sub
> nss_base_shadow dc=pds-support,dc=net?sub
> nss_base_group ou=Groups,dc=pds-support,dc=net?one
> ssl no
> pam_password md5
>
> and my /etc/nsswitch.conf (world readable)
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
>
> I have /etc/ldap.secret
> set to world readable at the moment with the password (I plan on changing
> this once I have it working)

Yeah, setting Samba to work with LDAP properly can be really painful.
Could you try setting /etc/ldap.conf like below (without ldap.secret file):

SIZELIMIT 200
TIMELIMIT 15
DEREF never
host 127.0.0.1
base dc=magista,dc=de
binddn cn=Manager,dc=magista,dc=de
bindpw secret-password-in-plain
pam_password exop
nss_base_passwd dc=magista,dc=de?sub
nss_base_shadow dc=magista,dc=de?sub
nss_base_group ou=Groups,dc=magista,dc=de?one
Tomek
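
An added example (not part of the original thread): a small Python audit of where each of the two layouts discussed above leaves the LDAP bind password on disk and on the wire. The function names, sample DNs and passwords are constructed for illustration, and a missing `ssl` directive is treated as `no` (an assumption of this sketch).

```python
import os
import stat
import tempfile
from pathlib import Path

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_ldap_conf(text):
    """Parse 'directive value' lines; directive names are case-insensitive."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(conf_path, secret_path):
    """Return findings on where the LDAP bind credential is exposed."""
    conf = parse_ldap_conf(Path(conf_path).read_text())
    findings = []
    if "bindpw" in conf and os.stat(conf_path).st_mode & stat.S_IROTH:
        findings.append("bindpw stored in world-readable " + os.path.basename(conf_path))
    if os.path.exists(secret_path):
        mode = stat.S_IMODE(os.stat(secret_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("secret file mode %o, expected 600" % mode)
    remote = [h for h in conf.get("host", "").split() if h not in LOOPBACK]
    has_cred = "bindpw" in conf or "rootbinddn" in conf
    if remote and has_cred and conf.get("ssl", "no") == "no":  # assumed default: no
        findings.append("simple bind to %s without TLS" % remote[0])
    return findings

def demo():
    """Audit constructed stand-ins for the two layouts in the thread."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        conf, secret = Path(d, "ldap.conf"), Path(d, "ldap.secret")
        # Layout 1 (constructed): rootbinddn, password in a 644 ldap.secret.
        conf.write_text("rootbinddn cn=nssldap,dc=example,dc=net\nssl no\n")
        secret.write_text("constructed-password\n")
        conf.chmod(0o644)
        secret.chmod(0o644)
        results["rootbinddn"] = audit(conf, secret)
        # Layout 2 (constructed): binddn/bindpw inline, no ldap.secret.
        secret.unlink()
        conf.write_text("host 127.0.0.1\nbinddn cn=Manager,dc=example,dc=net\nbindpw constructed\n")
        results["bindpw"] = audit(conf, secret)
    return results
```

Calling `audit("/etc/ldap.conf", "/etc/ldap.secret")` on a real host returns the same kind of list; an empty list means none of the three checks fired.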