[Samba] use of pam_filter with LDAP
Norbert Gomes
norbert.gomes at orleans-tours.iufm.fr
Mon Nov 5 15:05:46 GMT 2007
Hello
I would like to use pam filters to authenticate users on LDAP 2.3 with
Samba-3.0.26a on a Fedora Core 7.
For information, Samba is compiled with the --with-ldapsam option (2.0
LDAP schema).
Basic LDAP authentication works well, when I type 'getent passwd', all
my users are displayed.
Now I want to use the pam_filter option in the /etc/ldap.conf file, but
I can't make it work:
For example, with pam_filter objectclass=supannPerson, getent passwd
returns the same list as when I don't use the filters.
- Here's the ldap.conf file:
base dc=tata,dc=toto,dc=fr
binddn cn=XXXXX,dc=tata,dc=toto,dc=fr
bindpw XXXXXX
scope sub
pam_filter objectclass=supannPerson
# We don't use the uid attribute to authenticate the users
nss_map_attribute uid iufmLogin
# Default options
port 389
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
- Here is the nsswitch.conf file:
[...]
passwd: files ldap
shadow: files ldap
group: files ldap
[...]
- Here is the [global] section of smb.conf (only the LDAP options):
[global]
[...]
# LDAP parameters
ldap admin dn=cn=XXXXX,dc=tata,dc=toto,dc=fr
ldap ssl = no
# OLD directive ldap filter :
#ldap filter = (&(iufmLogin=%u)(gecos=#*))
[...]
Can anyone help me with the use of the pam_filter option?
Thanks
Norbert
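
Added example, not part of the original post and not pam_ldap or nss_ldap source code: a simplified model of which ldap.conf directives shape the search filter for a PAM login lookup versus a passwd enumeration such as getent passwd. It follows the documented behaviour of pam_filter in pam_ldap(5) and of nss_base_passwd (base?scope?filter) in nss_ldap(5). The login name jdoe and the helper names are constructed, and attribute mapping via nss_map_attribute is not modelled.

```python
# Added illustration: a simplified model, not pam_ldap/nss_ldap source code.
import re

# Constructed sample, reduced from the ldap.conf shown in the post.
LDAP_CONF = """\
base dc=tata,dc=toto,dc=fr
scope sub
pam_filter objectclass=supannPerson
nss_map_attribute uid iufmLogin
"""

def parse_conf(text):
    """Return {directive: [values]} for an ldap.conf-style file."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def wrap(flt):
    """Add the enclosing parentheses if the filter lacks them."""
    return flt if flt.startswith("(") else "(" + flt + ")"

def pam_login_filter(conf, login):
    """PAM user lookup: the login attribute assertion AND pam_filter."""
    attr = conf.get("pam_login_attribute", ["uid"])[-1]
    match = "(%s=%s)" % (attr, escape_filter_value(login))
    extra = conf.get("pam_filter")
    return "(&%s%s)" % (wrap(extra[-1]), match) if extra else match

def nss_passwd_filter(conf):
    """NSS passwd enumeration: pam_* directives are never consulted here."""
    base = "(objectClass=posixAccount)"
    for value in conf.get("nss_base_passwd", []):
        fields = value.split("?")
        if len(fields) == 3 and fields[2]:
            return "(&%s%s)" % (base, wrap(fields[2]))
    return base

if __name__ == "__main__":
    conf = parse_conf(LDAP_CONF)
    print("PAM login :", pam_login_filter(conf, "jdoe"))
    print("NSS passwd:", nss_passwd_filter(conf))
```

In this model the objectclass restriction appears only in the PAM lookup; the enumeration filter changes only when an nss_base_passwd line carries its own filter component.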