[Samba] Configuring RHEL6 Samba4 DC for local accounts
Michael Brown
michael at netdirect.ca
Sun Jan 26 01:40:10 MST 2014
I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just
upgraded from classic with an LDAP backend.
I need to configure the DC with user accounts and since:
* I can't use winbind on a DC
* I can't use SSSD with the sernet packages
it looks like the best thing to use is LDAP. I've configured it with:
authconfig --enableldap --enableldapauth \
    --ldapserver=ldap://ad.example.com --ldapbasedn=dc=ad,dc=example,dc=com \
    --enablerfc2307bis --enablekrb5 --update
(I get "error reading information on service winbind: No such file or
directory" but I just ignore it as it looks like it configured LDAP)
and added entries to /etc/pam_ldap.conf so it ends up looking like this:
base dc=ad,dc=example,dc=com
binddn "CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com"
bindpw "penguin5t0ry"
pam_password md5
uri ldap://ad.example.com
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_checkpeer no
Doing a search from the command line works:
$ ldapsearch -x -H ldap://ad.example.com \
    -D 'CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com' \
    -W cn=netdirect uidNumber gidNumber cn unixHomeDirectory
Enter LDAP Password:
# netdirect, Staff, ad.example.com
dn: CN=netdirect,OU=Staff,DC=ad,DC=example,DC=com
cn: netdirect
uidNumber: 500
unixHomeDirectory: /net/server1/home/netdirect
gidNumber: 500
but things just aren't working - PAM isn't looking up any entries. I
tried enabling debugging by adding 'debug' to all of the pam_ldap lines
in /etc/pam.d and capturing *.debug in syslog, but it didn't show anything.
Help?
M.
--
Michael Brown | `One of the main causes of the fall of
Systems Consultant | the Roman Empire was that, lacking zero,
Net Direct Inc. | they had no way to indicate successful
☎: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
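
Added example, not part of the original message and not the poster's or the Samba project's code: a small audit of the transport settings in a pam_ldap.conf like the one posted above, run against that file and against a constructed variant with StartTLS and certificate checking turned on. The function names parse and audit are hypothetical, the bind password is replaced by a placeholder, and only the uri, ssl, bindpw and tls_checkpeer keywords are examined.

```python
# Constructed input: the settings shown in the post, bind password replaced.
POSTED = """\
base dc=ad,dc=example,dc=com
binddn "CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com"
bindpw "PLACEHOLDER"
pam_password md5
uri ldap://ad.example.com
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_checkpeer no
"""
# Constructed variant: same file, StartTLS on and the server certificate verified.
HARDENED = POSTED.replace("ssl no", "ssl start_tls").replace(
    "tls_checkpeer no", "tls_checkpeer yes")


def parse(text):
    """Return {keyword: value} with lower-cased keywords; the last setting wins."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(text):
    """Return a list of (finding_id, detail) for weak transport settings."""
    conf = parse(text)
    ssl_mode = conf.get("ssl", "no").lower()
    findings = []
    # A URI is protected if it is ldaps://, a local ldapi:// socket,
    # or plain ldap:// upgraded by "ssl start_tls" / "ssl on".
    exposed = [u for u in conf.get("uri", "").split()
               if not u.lower().startswith(("ldaps://", "ldapi://"))
               and ssl_mode not in ("start_tls", "on")]
    if exposed:
        findings.append(("cleartext-user-auth",
                         "user passwords cross the network unencrypted: " + " ".join(exposed)))
        if "bindpw" in conf:
            findings.append(("cleartext-service-bind",
                             "bindpw for %s is sent unencrypted" % conf.get("binddn", "?")))
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append(("no-peer-check", "server certificate is not verified"))
    return findings

if __name__ == "__main__":
    print(audit(POSTED), audit(HARDENED))
```

The hardened variant assumes the DC offers StartTLS with a certificate that chains to a CA in the tls_cacertdir directory.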