pam-ldap authentication for SaMBa (no PDC)



Hello,

I'm moving a Debian server to RHEL 5.2 and I cannot connect to a SaMBa share using a login/password stored in a remote LDAP server.

This is how I did it on Debian:

- create a user account on the system (with no password) with a name that matches the login in the LDAP database
- modify /etc/pam.d/samba, adding "auth sufficient pam_ldap.so"
- modify the "host" and "base" lines of the file /etc/pam_ldap.conf with the LDAP information

This is my setup in RHEL:

# cat /etc/pam.d/samba
auth sufficient pam_ldap.so
auth include system-auth

(of course pam_ldap.so exists)

# cat /etc/ldap.conf
host xxx.univ-paris1.fr yyy.univ-paris1.fr zzz.univ-paris1.fr
base dc=univ-paris1,dc=fr
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman

And I use "encrypt passwords = false" in my /etc/samba/smb.conf file.

When I try to access a SaMBa share with my login/password, I get this message in /var/log/messages:

Nov 17 19:20:13 sigtest6 smbd[899]: [2008/11/17 19:20:13, 0] auth/pampass.c:smb_pam_passcheck(815)
Nov 17 19:20:13 sigtest6 smbd[899]: smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User xxxx !

The problem probably comes from the PAM configuration, but I'm not familiar with it, and most of the things I found on the web deal with PDC or admin rights on the LDAP, but not simple client remote LDAP authentication.

Any help would be greatly appreciated.

Regards,

--
Nicolas Cuissard

Université PARIS 1 - Panthéon Sorbonne
SIG-Pédagogie
Tel : +33 (0)1 44 07 89 76
Fax : +33 (0)1 44 07 86 10
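
The rejection logged in the message above comes from smb_pam_account, the PAM account-management step, while the /etc/pam.d/samba shown there lists only auth rules. The following is an added example, not part of the original post: a small checker that reports which PAM management groups a service file actually ends up with, following include lines. The system-auth content is a constructed stand-in, since the post does not show that file, and the function names are hypothetical.

```python
import re

# One PAM rule: optional '-', management group, control (word or [..]), module/target.
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Return (group, control, target) for each rule line, skipping comments."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            rules.append(m.groups())
    return rules

def stack(service, files, group, seen=()):
    """Modules run for `group` in `service`; include/substack pull in only
    the same group's rules from the target file."""
    if service in seen or service not in files:
        return []
    mods = []
    for g, control, target in parse_pam(files[service]):
        if g != group:
            continue
        if control in ("include", "substack"):
            mods += stack(target, files, group, seen + (service,))
        else:
            mods.append((control, target))
    return mods

def missing_groups(service, files, needed=("auth", "account")):
    """Groups for which the service ends up with no module at all."""
    return [g for g in needed if not stack(service, files, g)]

FILES = {
    # /etc/pam.d/samba exactly as shown in the post
    "samba": "auth sufficient pam_ldap.so\nauth include system-auth\n",
    # constructed stand-in: the post does not show system-auth
    "system-auth": (
        "auth     required   pam_env.so\n"
        "auth     sufficient pam_unix.so nullok try_first_pass\n"
        "auth     required   pam_deny.so\n"
        "account  required   pam_unix.so\n"
    ),
}

if __name__ == "__main__":
    for group in ("auth", "account"):
        print(group, stack("samba", FILES, group))
    print("groups with no modules:", missing_groups("samba", FILES))
```

On a real host, fill the dictionary from the files under /etc/pam.d before calling missing_groups.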
