[Samba] Samba+Ldap problems
dogbert
dogbert at infinito.it
Wed Jun 3 22:48:00 GMT 2009
Ok, a little update on this issue.
I've changed the various common-* within /etc/pam.d and I've obtained the following.
Now I can connect with ssh or su with a user defined in ldap as long as this
user is also present in /etc/passwd.
It seems that the system checks for the user account in /etc/passwd and then it
checks for the password under ldap.
Now if a user tries to change his password (with the passwd command) it works
through ldap.
While using "getent passwd" I still obtain only the users contained in /etc/passwd.
These are my /etc/pam.d files:
COMMON-AUTH:
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_smbpass.so migrate
COMMON-ACCOUNT:
account sufficient pam_ldap.so
account required pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
COMMON-PASSWORD:
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
password requisite pam_deny.so
password required pam_permit.so
password optional pam_smbpass.so nullok use_authtok use_first_pass
COMMON-SESSION:
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_ck_connector.so nox11
SSHD:
auth required pam_env.so # [1]
auth required pam_env.so envfile=/etc/default/locale
@include common-auth
account required pam_nologin.so
@include common-account
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
@include common-password
LOGIN:
auth requisite pam_securetty.so
auth requisite pam_nologin.so
session required pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session required pam_selinux.so open
SU:
auth sufficient pam_rootok.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
session optional pam_mail.so nopen
@include common-auth
@include common-account
@include common-session
SAMBA:
@include common-auth
@include common-account
@include common-session
Tim Bates wrote:
> dogbert at infinito.it wrote:
>> Thanks Oliver,
>> I will check all the files in /etc/pam.d
>>
> Check /etc/nsswitch.conf first. I think it may be your first problem.
>
>> I think that if I can succeed in authenticating via shell or ssh I can
>> then
>> rule-out pam issues and work on samba configuration.
> You need that working before you can start the Samba stages. Samba needs
> those accounts working before it can work properly.
>
> TB
>
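
Tim Bates' pointer to /etc/nsswitch.conf is the place to look when PAM accepts an LDAP password but "getent passwd" lists only local accounts, because getent resolves users through NSS, not PAM. An added example, not part of the thread: a shell function that reports which of the passwd, group and shadow databases lack the ldap source; the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a file in nsswitch.conf syntax
# and prints the databases among passwd/group/shadow that do not list "ldap"
# as a source. A database with no line at all is reported as missing too.
nss_missing_ldap() {
    awk '
        { sub(/#.*/, "") }                        # drop comments first
        /^[ \t]*(passwd|group|shadow)[ \t]*:/ {
            db = $1; sub(/:.*/, "", db)           # "passwd:" -> "passwd"
            line = $0; sub(/^[^:]*:/, "", line)   # keep only the source list
            n = split(line, src, /[ \t]+/)
            # action items such as [NOTFOUND=return] never equal "ldap"
            for (i = 1; i <= n; i++) if (src[i] == "ldap") ok[db] = 1
        }
        END {
            out = ""
            m = split("passwd group shadow", want, " ")
            for (i = 1; i <= m; i++)
                if (!ok[want[i]]) out = out (out ? " " : "") want[i]
            print out
        }
    ' "$1"
}

# Constructed sample: a local-only configuration, the kind that makes
# "getent passwd" show only /etc/passwd entries.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample, not the poster's file
passwd:  compat
group:   compat
shadow:  compat
hosts:   files dns
EOF
echo "databases without ldap: $(nss_missing_ldap "$conf")"
rm -f "$conf"
```

Run it as nss_missing_ldap /etc/nsswitch.conf on the affected host; an empty result means all three databases already consult ldap.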