[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Robert Silvia
coolhand1977 at comcast.net
Fri Nov 26 14:37:41 GMT 2004
Tomak,
I just tested your settings and they seem to be working.
The auth takes much longer now, maybe because it is working.
When checking shares the getpwnam does not even get called any more.
I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log; I guess
that lets me know VFS was compiled in my binary.
How is the ldap.conf in the /etc/ directory different from the one found
in /etc/openldap/?
When I check the man page only /etc/openldap/ldap.conf comes up; I'm
curious about the other options I am seeing in the other ldap.conf
located in the /etc/ directory.
Most of them I can make an educated guess as to their function, but it
would be nice to have a verified definition of some of these parameters.
--
Anyway, thanks for your help; it is greatly appreciated.
Robert
> Robert Silvia wrote:
>
>> Here's my configuration:
>>
>>
>> My system auth looks like:
>> auth required /lib/security/pam_env.so
>> auth sufficient /lib/security/pam_unix.so likeauth nullok
>> auth sufficient /lib/security/pam_ldap.so use_first_pass
>> auth required /lib/security/pam_deny.so
>>
>> account required /lib/security/pam_unix.so
>> account sufficient /lib/security/pam_ldap.so
>>
>> password required /lib/security/pam_cracklib.so retry=3 type=
>> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
>> password sufficient /lib/security/pam_ldap.so use_authtok
>> password required /lib/security/pam_deny.so
>>
>> session required /lib/security/pam_limits.so
>> session required /lib/security/pam_unix.so
>> session optional /lib/security/pam_ldap.so
>>
>> My /etc/ldap.conf is setup as (world readable):
>> base dc=pds-support,dc=net
>> rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net
>> nss_base_passwd dc=pds-support,dc=net?sub
>> nss_base_shadow dc=pds-support,dc=net?sub
>> nss_base_group ou=Groups,dc=pds-support,dc=net?one
>> ssl no
>> pam_password md5
>>
>> and my /etc/nsswitch.conf (world readable)
>> passwd: files ldap
>> shadow: files ldap
>> group: files ldap
>>
>>
>> I have /etc/ldap.secret
>> set to world readable at the moment with the password (I plan on changing
>> this once I have it working)
>
>
> Yeah, setting Samba to work with LDAP properly can be really painful.
>
> Could you try setting /etc/ldap.conf like below (without ldap.secret file):
>
> SIZELIMIT 200
> TIMELIMIT 15
> DEREF never
>
> host 127.0.0.1
> base dc=magista,dc=de
> binddn cn=Manager,dc=magista,dc=de
> bindpw secret-password-in-plain
>
> pam_password exop
>
> nss_base_passwd dc=magista,dc=de?sub
> nss_base_shadow dc=magista,dc=de?sub
> nss_base_group ou=Groups,dc=magista,dc=de?one
>
>
>
> Tomek
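A small audit of the settings traded in this thread, added here as an example that is not part of either poster's message: it parses the keyword/value format shared by nss_ldap's /etc/ldap.conf and nsswitch.conf, reports where the directory bind password ends up readable by every local user (a plain bindpw in ldap.conf, or a world-readable /etc/ldap.secret behind rootbinddn), and lists the NSS databases that never consult ldap, which is one reason getpwnam() can fail for a directory-only user. The DNs, file contents and file modes are constructed so the script runs offline.

```python
import stat
from typing import Dict, List, Optional

# Constructed samples modelled on the two ldap.conf variants in the thread. This is
# nss_ldap's /etc/ldap.conf, not the OpenLDAP client's /etc/openldap/ldap.conf.
ROOTBINDDN_CONF = """\
base dc=example,dc=net
rootbinddn cn=nssldap,ou=DSA,dc=example,dc=net
nss_base_passwd dc=example,dc=net?sub
"""
BINDPW_CONF = """\
host 127.0.0.1
base dc=example,dc=net
binddn cn=Manager,dc=example,dc=net
bindpw secret-password-in-plain
"""
SAMPLE_NSSWITCH = "passwd: files ldap\nshadow: files\ngroup: files ldap\n"

def parse_keyword_conf(text: str) -> Dict[str, str]:
    """'keyword value' lines, as in nss_ldap's ldap.conf and nsswitch.conf;
    blank lines and # comments are skipped, a repeated keyword keeps the last value."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].rstrip(":").lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def world_readable(mode: int) -> bool:
    return bool(mode & stat.S_IROTH)

def audit_bind_secret(conf: Dict[str, str], conf_mode: int,
                      secret_mode: Optional[int]) -> List[str]:
    """nss_ldap's ldap.conf is read by every process that resolves a name, so a bindpw
    there is visible to all local users; rootbinddn moves root's password to
    /etc/ldap.secret, which only helps while that file is root-only (None = absent)."""
    findings = []
    if "bindpw" in conf and world_readable(conf_mode):
        findings.append("bindpw in world-readable ldap.conf")
    if "rootbinddn" in conf:
        if secret_mode is None:
            findings.append("rootbinddn set but /etc/ldap.secret is absent")
        elif world_readable(secret_mode):
            findings.append("/etc/ldap.secret is world-readable")
    return findings

def databases_missing_ldap(nsswitch: Dict[str, str]) -> List[str]:
    """NSS databases that never consult ldap, so directory-only users are invisible there."""
    return [db for db in ("passwd", "shadow", "group") if "ldap" not in nsswitch.get(db, "").split()]
```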