[Samba] use of pam_filter with LDAP
samba at piven.org
samba at piven.org
Tue Nov 6 23:11:11 GMT 2007
Norbert Gomes wrote:
> I would like to use pam filters to authenticate users on LDAP 2.3 with
> Samba-3.0.26a on a Fedora Core 7
> For information,samba is compiled with the --with-ldapsam option (2.0
> LDAP schema)
>
> Basic LDAP authentication works well, when I type 'getent passwd', all
> my users are displayed.
>
> Now I want to use the pam_filter option in the /etc/ldap.conf file, but
> I can't make it work :
>
> For example, with pam_filter objectclass=supannPerson, getent passwd
> returns the same list as when I don't use the filters
That's because "getent" doesn't use PAM; it uses NSS and thus nss_ldap.
Just because nss_ldap and pam_ldap use the same configuration file
doesn't necessarily mean they recognize all the settings -- in
particular, nss_ldap's man page mentions nothing about a pam_filter
setting in ldap.conf.
You can still use pam_filter in your PAM config files as part of your
authentication protocol; just remember that pam_filter is pam_specific :-)
Don Piven
More information about the samba
mailing list