[Samba] Samba+Ldap problems

dogbert dogbert at infinito.it
Wed Jun 3 22:48:00 GMT 2009


Ok, a little update on this issue.
I've changed the various common-* within /etc/pam.d and I've obtained the following.
Now I can connect with ssh or su with a user defined in ldap as long as this 
user is present also in /etc/passwd.
It seems that the system checks for the user account in /etc/passwd and then it 
checks for the password under ldap.
Now if a user tries to change his password (with the passwd command) it works 
through ldap.
While using "getent passwd" I still obtain only the users contained in /etc/passwd.
These are my /etc/pam.d files:

COMMON-AUTH:
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_smbpass.so migrate

COMMON-ACCOUNT:
account sufficient      pam_ldap.so
account required        pam_unix.so
account requisite                       pam_deny.so
account required                        pam_permit.so

COMMON-PASSWORD:
password        sufficient      pam_ldap.so
password        required        pam_unix.so nullok obscure min=4 max=8 md5
password        requisite                       pam_deny.so
password        required                        pam_permit.so
password        optional                        pam_smbpass.so nullok use_authtok use_first_pass

COMMON-SESSION:
session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session required        pam_unix.so
session optional                        pam_ldap.so
session optional                        pam_ck_connector.so nox11

SSHD:
auth       required     pam_env.so # [1]
auth       required     pam_env.so envfile=/etc/default/locale
@include common-auth
account    required     pam_nologin.so
@include common-account
@include common-session
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password

LOGIN:
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
session    required   pam_selinux.so close
session       required   pam_env.so readenv=1
session       required   pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth       optional   pam_group.so
session    required   pam_limits.so
session    optional   pam_lastlog.so
session    optional   pam_motd.so
session    optional   pam_mail.so standard
@include common-account
@include common-session
@include common-password
session required pam_selinux.so open

SU:
auth       sufficient pam_rootok.so
session       required   pam_env.so readenv=1
session       required   pam_env.so readenv=1 envfile=/etc/default/locale
session    optional   pam_mail.so nopen
@include common-auth
@include common-account
@include common-session

SAMBA:
@include common-auth
@include common-account
@include common-session


Tim Bates wrote:
> dogbert at infinito.it wrote:
>> Thanks Oliver,
>> I will check all the files in /etc/pam.d
>>   
> Check /etc/nsswitch.conf first. I think it may be your first problem.
> 
>> I think that if I can succeed in authenticating via shell or ssh I can then
>> rule-out pam issues and work on samba configuration.
> You need that working before you can start the Samba stages. Samba needs 
> those accounts working before it can work properly.
> 
> TB
> 
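
Added example (not part of the original post or thread): a simplified Python model of the PAM control flags, run over the COMMON-AUTH lines quoted above, to show which module results grant a login and which modules are never reached. The function names and the reduction of each module to a pass/fail result are assumptions of this example.

```python
import itertools
import re
# Constructed input: the auth lines of the COMMON-AUTH file quoted in the post.
COMMON_AUTH = """\
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure use_first_pass
auth    requisite       pam_deny.so
auth    required        pam_permit.so
auth    optional        pam_smbpass.so migrate
"""
FIXED = {"pam_deny.so": False, "pam_permit.so": True}  # modules with a constant result

def parse(text, kind):
    """Return [(control, module)] for one PAM type; comments and @include lines are skipped."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.split("#", 1)[0].strip())
        if m and m.group(1) == kind:
            stack.append((m.group(2), m.group(3)))
    return stack

def evaluate(stack, results):
    """Simplified control-flag model; results maps module -> bool. Returns (granted, ran)."""
    failed, positive, ran, skip = False, False, [], 0
    for control, module in stack:
        if skip:
            skip -= 1
            continue
        ok = FIXED.get(module, results.get(module, False))  # missing result = failure
        ran.append(module)
        jump = re.fullmatch(r"\[default=(\d+)\]", control)
        if jump:                      # only the plain [default=N] jump is modelled
            skip = int(jump.group(1))
        elif control == "sufficient" and ok and not failed:
            return True, ran          # stack ends here with success
        elif ok:
            positive = True           # a module succeeded and the stack continues
        elif control == "requisite":
            return False, ran         # stack ends here with failure
        elif control == "required":
            failed = True             # keep going, but the result is already failure
    return positive and not failed, ran

def never_run(stack):
    """Modules that are not reached for any combination of module results."""
    variable = sorted({m for _, m in stack if m not in FIXED})
    combos = itertools.product([True, False], repeat=len(variable))
    reached = {m for c in combos for m in evaluate(stack, dict(zip(variable, c)))[1]}
    return [m for _, m in stack if m not in reached]
```

In this model, whenever `pam_ldap.so` fails the stack ends at `pam_deny.so`, so a correct local password alone is rejected, and `pam_permit.so` and `pam_smbpass.so` are never called.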


