[Samba] Weird issue with samba 3.4.7

Amit More amore at xetus.com
Wed Oct 26 12:59:42 MDT 2011

Hello All,

I have samba version 3.3.2 installed on a system running Ubuntu Server 9.04 (32-bit). The users trying to mount the samba shares authenticate over the LDAP server.
Here is what my configuration files look like:

1. /etc/samba/smb.conf

	server string = %h server (Samba, Ubuntu)
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	passdb backend = ldapsam:ldaps://ldap1.xetus.com
	ldap suffix = dc=xetus,dc=com

2. /etc/nsswitch.conf

passwd:      files ldap
group:         files ldap
shadow:      files ldap

hosts:          files dns
networks:    files

protocols:    db files
services:     db files
ethers:        db files
rpc:             db files

netgroup: nis

3. /etc/pam.d/common-auth

auth	[success=2 default=ignore]	pam_unix.so nullok_secure
auth	[success=1 default=ignore]	pam_ldap.so use_first_pass
auth	requisite			pam_deny.so
auth	required			pam_permit.so

4. /etc/pam.d/common-account

account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so 
account	[success=1 default=ignore]	pam_ldap.so 
account	requisite			pam_deny.so
account	required			pam_permit.so

5. /etc/pam.d/common-password

password	requisite			pam_cracklib.so retry=3 minlen=8 difok=3
password	[success=2 default=ignore]	pam_unix.so obscure use_authtok try_first_pass sha512
password	[success=1 user_unknown=ignore default=die]	pam_ldap.so use_authtok try_first_pass
password	requisite			pam_deny.so
password	required			pam_permit.so
password	optional			pam_smbpass.so nullok use_authtok use_first_pass

6. /etc/pam.d/common-session

session	[default=1]			pam_permit.so
session	requisite			pam_deny.so
session	required			pam_permit.so
session	required	                pam_unix.so 
session	optional			pam_ldap.so 
session	optional			pam_ck_connector.so nox11
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel

I have another system running Ubuntu Server 10.04 (64-bit) where samba version 3.4.7 is installed (using apt-get). The /etc/nsswitch.conf and all the /etc/pam.d/common-{auth,account,password,session} match the respective files from the Ubuntu Server 9.04 system (described earlier).
Other relevant packages installed on both the systems are winbind, libpam-smbpass and smbldap-tools. My question is, why does LDAP authentication work with samba version 3.3.2 and not with samba version 3.4.7 even though the directives in the configuration files are the same? Am I missing a step here?
Can anyone point me in the right direction on this issue? I would appreciate all your time and help.
Thanks in advance.

- Amit

