[Samba] samba with pam_ldap authentication

Bastien GENEFORT bastien.genefort at cyber-networks.fr
Fri Feb 9 13:39:07 GMT 2007

Hi everybody, 


We have a Fedora Core 1 samba server and would like to authenticate it
to an LDAP server using PAM.

I installed nss_ldap, configured /etc/ldap.conf to match my settings and
/etc/nsswitch.conf to use ldap.

My /etc/pam.d/samba is like this :


auth       required     pam_nologin.so

auth    sufficient      /lib/security/pam_ldap.so use_first_pass

auth    required        /lib/security/pam_unix_auth.so

account sufficient      /lib/security/pam_ldap.so

account required        /lib/security/pam_unix_acct.so

password        sufficient      /lib/security/pam_ldap.so

password        required        /lib/security/pam_unix_passwd.so
use_first_pass md5 shadow

session required        /lib/security/pam_unix_session.so


When I connect to samba using smbclient, I always get the following
error :

tree connect failed: NT_STATUS_WRONG_PASSWORD


But I can see using tcpdump that ldap request on my username and ldap
reply are correct. Also when I use a local samba account I can access my
share just fine.


Does anybody met this problem already ? Or can anyone tell me how to put
pam into debug mode so that I can narrow the problem ? Right now a
connection attempt doesn't create any log entry :-(





More information about the samba mailing list