[Samba] use of pam_filter with LDAP
Norbert Gomes
norbert.gomes at orleans-tours.iufm.fr
Wed Nov 7 07:57:30 GMT 2007
samba at piven.org a écrit :
> Norbert Gomes wrote:
>> I would like to use pam filters to authenticate users on LDAP 2.3
>> with Samba-3.0.26a on a Fedora Core 7
>> For information,samba is compiled with the --with-ldapsam option (2.0
>> LDAP schema)
>>
>> Basic LDAP authentication works well, when I type 'getent passwd',
>> all my users are displayed.
>>
>> Now I want to use the pam_filter option in the /etc/ldap.conf file,
>> but I can't make it work :
>>
>> For example, with pam_filter objectclass=supannPerson, getent passwd
>> returns the same list as when I don't use the filters
>
> That's because "getent" doesn't use PAM; it uses NSS and thus nss_ldap.
> Just because nss_ldap and pam_ldap use the same configuration file
> doesn't necessarily mean they recognize all the settings -- in
> particular, nss_ldap's man page mentions nothing about a pam_filter
> setting in ldap.conf.
>
> You can still use pam_filter in your PAM config files as part of your
> authentication protocol; just remember that pam_filter is pam_specific
> :-)
>
> Don Piven
>
OK thank you for your answser. I am a bit confused with nss, pam and the
Samba authentication mechanism...
Actually I would like to add filters for authentication of users with
Samba and LDAP :
With our production servers I use the 'ldap filter = (MY_FILTERs)'
option in smb.conf (samba-3.0.11) but this option has been removed in
the recent releases. Now I want to upgrade samba and I would like to use
the same filters with the samba-3.0.26a.
I read that it was in the ldap.conf file but I don't know how to use it...
If anyone can give me a clue...
Thanks
Norbert
More information about the samba
mailing list