[Samba] pam_ldap problem on an LDAP+SMB configuration

David Martinez david.martinez at eurorscg.com
Wed Sep 14 14:47:20 GMT 2005

Thanks for your responses.

I did run the smbpasswd -w XXXX command, even before populating ldap
(smbldap-populate command of smbldap-tools-0.9.1-1.2).

In fact I change to a bogus password and I keep receiving the same
message on my logs: 

pam_ldap: error trying to bind as user
"uid=testuser1,ou=Users,dc=valeeuro,dc=com" (Invalid credentials)

This is a fragment of my smb.conf with ldap configuration:

ldap passwd sync = Yes
#passwd program = /usr/sbin/smbldap-passwd -u %u
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=valeeuro,dc=com
ldap suffix = dc=valeeuro,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

As you can see, communication with ldap is not secure.

Thanks in advance.


-----Mensaje original-----
De: samba-bounces+david.martinez=eurorscg.com at lists.samba.org
[mailto:samba-bounces+david.martinez=eurorscg.com at lists.samba.org] En
nombre de Craig White
Enviado el: Martes, 13 de Septiembre de 2005 11:11 p.m.
Para: samba at lists.samba.org
Asunto: Re: [Samba] pam_ldap problem on an LDAP+SMB configuration

On Tue, 2005-09-13 at 18:40 -0500, David Martinez wrote:
> Hi there.
> This is my first post to this list, I hope I can help you in the
> By now, I'm the one who needs help  :)
> I've been trying to configure a Fedora Core 4 box to use samba + LDAP.
> followed instructions of
> http://www.idealx.org/prj/samba/smbldap-howto.en.html but it seems
> I'm having problems on the pam_ldap layer: when I go to step 4.5
> (http://www.idealx.org/prj/samba/smbldap-howto.en.html#htoc32) ssh
> testuser1 at my-host I get the following message on /var/log/messages:
> Sep 13 18:09:40 linux2 sshd(pam_unix)[23077]: check pass; user unknown
> Sep 13 18:09:40 linux2 sshd(pam_unix)[23077]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser=rhost=linux2
> Sep 13 18:09:40 linux2 sshd[23077]: pam_ldap: error trying to bind as
> user "uid=testuser1,ou=Users,dc=valeeuro,dc=com" (Invalid credentials)
> I have tried everything, but no success, I always get to this and I
> don't know what to do now. Its really important to me to get this
> configuration working, so I don't want to give up.
> Can someone help me or tell me if I have to read somewhere else ?
probably would help if you posted the ldap relevant sections of your
smb.conf to the list - also, for the ldap admin...did you set the
password (smbpasswd -w XXXXXXXXX) ?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list