[Samba] NSS/PAM LDAP Config

listserv.traffic at sloop.net
Thu Jun 8 16:21:48 GMT 2006


I'll try that, and I appreciate it. However, as far as I can tell,
Samba itself is working as well as I can expect.

However, I'm baffled by PAM and getting that working right. (I know
it's not exactly a Samba question, but I thought certainly someone
here would have experience with this and give me a pointer in what I
must be doing wrong.)

One final note: OpenLDAP is at 2.2.13

Thanks again for your help!

-Greg


> If you enable the kde-redhat repo (kde-redhat.sourceforge.net), Rex's
> repo has current samba and all you need to do is 

> yum upgrade

> and it works perfectly. An added benefit is more recent KDE (if you use
> kde) and more recent openoffice.org

> Craig

> On Thu, 2006-06-08 at 08:52 -0700, listserv.traffic at sloop.net wrote:
>> I used the Sernet.de RPMs - they're compiled for RHEL 4, and only
>> with minor errors they installed fine.
>> 
>> -Greg
>> 
>> > As a side note, I am running centos 4.3 on my boxes, and I think it comes
>> > with samba 3.0.10.  Where did you get your RPM for 3.0.22, or did you
>> > compile it from source?
>> 
>> > Sam Adams
>> > General Dynamics - Network Systems
>> > Phone: 210.536.5945
>> 
>> > -----Original Message-----
>> > From: samba-bounces+samuel.adams.ctr=brooks.af.mil at lists.samba.org
>> > [mailto:samba-bounces+samuel.adams.ctr=brooks.af.mil at lists.samba.org] On
>> > Behalf Of listserv.traffic at sloop.net
>> > Sent: Wednesday, June 07, 2006 4:48 PM
>> > To: samba
>> > Subject: [Samba] NSS/PAM LDAP Config
>> 
>> > Ok, I've been literally throwing things in my effort to fix this.
>> > Please help me from damaging something valuable! :)
>> 
>> > I've installed Samba 3.0.22 and OpenLDAP etc.
>> 
>> > I've used the IDEALX scripts to create the LDAP tree etc.
>> > Everything goes swimmingly until I try to check and see if NSS/PAM is
>> > working right.
>> 
>> > I use the following command as shown in SBE to check NSS/PAM working.
>> > getent passwd | grep root
>> > getent group  | grep Domain
>> 
>> > These aren't working as they should.
>> 
>> > I'm using CentOS 4.3 and I've used authconfig as the IDEALX scripts
>> > say, and thus I have the following system-auth config in /etc/pam.d/
>> 
>> > ---
>> > #%PAM-1.0
>> > # This file is auto-generated.
>> > # User changes will be destroyed the next time authconfig is run.
>> > auth        required      /lib/security/$ISA/pam_env.so
>> > auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
>> > auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
>> > auth        required      /lib/security/$ISA/pam_deny.so
>> 
>> > account     required      /lib/security/$ISA/pam_unix.so broken_shadow
>> > account     sufficient    /lib/security/$ISA/pam_localuser.so
>> > account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
>> > account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
>> > account     required      /lib/security/$ISA/pam_permit.so
>> 
>> > password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
>> > password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
>> > password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
>> > password    required      /lib/security/$ISA/pam_deny.so
>> 
>> > session     required      /lib/security/$ISA/pam_limits.so
>> > session     required      /lib/security/$ISA/pam_unix.so
>> > session     optional      /lib/security/$ISA/pam_ldap.so
>> > ---
>> 
>> > But that doesn't seem to work.
>> 
>> > PAM is a total mystery to me, and I have absolutely no idea how to
>> > really configure it by hand, provided the above isn't correct.
>> 
>> > Is there a good how-to on PAM somewhere I can read?
>> > I've done a number of searches, and some of those, as well as the SBE
>> > example show hand-editing the files in pam.d - like login, sshd,
>> > samba, and passwd.
>> 
>> > In desperation, I've done that too, and no joy.
>> 
>> > Can some kind soul please give me a hand here?
>> 
>> > TIA
>> > -Greg
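
An added example, not part of the original messages or of the IDEALX/SBE material: a small Python model of how Linux-PAM walks the quoted `auth` stack under the keyword controls, showing when `pam_ldap.so` is actually reached. The function names and the per-module success/failure outcomes are assumptions constructed for illustration; bracketed controls such as the one in the `account` stack are not modelled.

```python
# Constructed sample: the auth lines of the system-auth file quoted in the message above.
AUTH_STACK = """\
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
"""

KEYWORD_CONTROLS = {"required", "requisite", "sufficient", "optional"}

def parse_stack(text, mgmt_type):
    """Return [(control, module, args)] for one management group, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        typ, control, module, *args = line.split()
        if typ != mgmt_type:
            continue
        if control not in KEYWORD_CONTROLS:
            raise ValueError(f"control not modelled here: {control}")
        rules.append((control, module.rsplit("/", 1)[-1], args))
    return rules

def evaluate(rules, outcomes):
    """Walk the stack; outcomes maps module -> True (success) or False (failure).
    Returns (granted, modules_called)."""
    required_failed, called = False, []
    for control, module, _args in rules:
        ok = outcomes[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called          # fail at once, skip the rest
        if control == "required" and not ok:
            required_failed = True        # remember failure, keep walking
        if control == "sufficient" and ok and not required_failed:
            return True, called           # success at once, skip the rest
        # a failed "sufficient" and any "optional" result are ignored
    return (not required_failed), called

def scenarios():
    """Hypothetical outcomes for three kinds of login against the quoted stack."""
    rules = parse_stack(AUTH_STACK, "auth")
    base = {"pam_env.so": True, "pam_deny.so": False}  # pam_deny always fails
    return {
        "local user": evaluate(rules, {**base, "pam_unix.so": True, "pam_ldap.so": False}),
        "LDAP user, pam_ldap succeeds": evaluate(rules, {**base, "pam_unix.so": False, "pam_ldap.so": True}),
        "LDAP user, pam_ldap fails": evaluate(rules, {**base, "pam_unix.so": False, "pam_ldap.so": False}),
    }

if __name__ == "__main__":
    for name, (granted, called) in scenarios().items():
        print(f"{name}: granted={granted}, called={called}")
```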



