[Samba] samba with pam_ldap authentication
Bastien GENEFORT
bastien.genefort at cyber-networks.fr
Fri Feb 9 13:39:07 GMT 2007
Hi everybody,
We have a Fedora Core 1 samba server and would like to authenticate it
to an LDAP server using PAM.
I installed nss_ldap, configured /etc/ldap.conf to match my settings and
/etc/nsswitch.conf to use ldap.
My /etc/pam.d/samba is like this :
#%PAM-1.0
auth required pam_nologin.so
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_unix_auth.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_unix_passwd.so
use_first_pass md5 shadow
session required /lib/security/pam_unix_session.so
When I connect to samba using smbclient, I always get the following
error :
tree connect failed: NT_STATUS_WRONG_PASSWORD
But I can see using tcpdump that ldap request on my username and ldap
reply are correct. Also when I use a local samba account I can access my
share just fine.
Does anybody met this problem already ? Or can anyone tell me how to put
pam into debug mode so that I can narrow the problem ? Right now a
connection attempt doesn't create any log entry :-(
Thanks
Bastien
More information about the samba
mailing list