[Samba] NSS/PAM LDAP Config

listserv.traffic at sloop.net
Wed Jun 7 21:48:04 GMT 2006

Ok, I've been literally throwing things in my effort to fix this.
Please help me from damaging something valuable! :)

I've installed Samba 3.0.22 and OpenLDAP etc.

I've used the IDEALX scripts to create the LDAP tree etc.
Everything goes swimmingly until I try to check and see if NSS/PAM is
working right.

I use the following commands, as shown in SBE, to check that NSS/PAM is working.
getent passwd | grep root
getent group  | grep Domain

These aren't working as they should.

I'm using CentOS 4.3 and I've used authconfig as the IDEALX scripts
say, and thus I have the following system-auth config in /etc/pam.d/

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_localuser.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

But that doesn't seem to work.

PAM is a total mystery to me, and I have absolutely no idea how to
really configure it by hand, provided the above isn't correct.

Is there a good how-to on PAM somewhere I can read?
I've done a number of searches, and some of those, as well as the SBE
example show hand-editing the files in pam.d - like login, sshd,
samba, and passwd.

In desperation, I've done that too, and no joy.

Can some kind soul please give me a hand here?

