[Samba] use of pam_filter with LDAP

Norbert Gomes norbert.gomes at orleans-tours.iufm.fr
Wed Nov 7 07:57:30 GMT 2007


samba at piven.org wrote:
> Norbert Gomes wrote:
>> I would like to use pam filters to authenticate users on LDAP 2.3 
>> with Samba-3.0.26a on a Fedora Core 7
>> For information, samba is compiled with the --with-ldapsam option (2.0 
>> LDAP schema)
>>
>> Basic LDAP authentication works well, when I type 'getent passwd', 
>> all my users are displayed.
>>
>> Now I want to use the pam_filter option in the /etc/ldap.conf file, 
>> but I can't make it work:
>>
>> For example, with pam_filter objectclass=supannPerson, getent passwd 
>> returns the same list as when I don't use the filters
>
> That's because "getent" doesn't use PAM; it uses NSS and thus nss_ldap.
> Just because nss_ldap and pam_ldap use the same configuration file 
> doesn't necessarily mean they recognize all the settings -- in 
> particular, nss_ldap's man page mentions nothing about a pam_filter 
> setting in ldap.conf.
>
> You can still use pam_filter in your PAM config files as part of your 
> authentication protocol; just remember that pam_filter is pam_specific 
> :-)
>
> Don Piven
>
OK, thank you for your answer. I am a bit confused with nss, pam and the 
Samba authentication mechanism...

Actually I would like to add filters for authentication of users with 
Samba and LDAP:

With our production servers I use the 'ldap filter = (MY_FILTERs)' 
option in smb.conf (samba-3.0.11) but this option has been removed in 
the recent releases. Now I want to upgrade samba and I would like to use 
the same filters with the samba-3.0.26a.

I read that it was in the ldap.conf file but I don't know how to use it...

If anyone can give me a clue...

Thanks

Norbert
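
Added example, not part of the original thread and not pam_ldap or nss_ldap source code: a simplified model of the point in the quoted reply, that one shared ldap.conf yields different search filters for PAM authentication and for the NSS lookup behind `getent passwd`. The base DN, the login name, the function names and the default `posixAccount` NSS filter are assumptions made for illustration.

```python
# Simplified model (an assumption, not pam_ldap/nss_ldap source code) of how
# the two modules turn one shared ldap.conf into different search filters.

# Constructed sample configuration; the base DN is a placeholder.
SAMPLE_LDAP_CONF = """\
# shared by pam_ldap and nss_ldap
base dc=example,dc=org
pam_login_attribute uid
pam_filter objectclass=supannPerson
"""

def parse_ldap_conf(text):
    """Return {directive: value}; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def pam_auth_filter(conf, login):
    """Filter used to find the entry PAM will bind as: pam_filter applies here."""
    attr = conf.get("pam_login_attribute", "uid")
    match = f"({attr}={escape_filter_value(login)})"
    if conf.get("pam_filter"):
        return f"(&({conf['pam_filter']}){match})"
    return match

def nss_passwd_filter(conf):
    """Filter behind 'getent passwd': only an nss_base_passwd filter narrows it."""
    default = "(objectclass=posixAccount)"  # assumed default passwd-map filter
    parts = conf.get("nss_base_passwd", "").split("?")
    if len(parts) == 3 and parts[2]:
        return f"(&{default}({parts[2]}))"
    return default

if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE_LDAP_CONF)
    print("pam_ldap:", pam_auth_filter(conf, "ngomes"))  # constructed login name
    print("nss_ldap:", nss_passwd_filter(conf))          # unchanged by pam_filter
```

In this model the account listing stays unfiltered while the PAM lookup is restricted, which matches the behaviour described in the quoted reply: an entry showing up in `getent passwd` says nothing about whether it passes `pam_filter`.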