pam-ldap authentication for SaMBa (no PDC)


I'm moving a Debian server on RHEL 5.2 and I cannot connect to a SaMBa share using a login/password stored in a remote LDAP server.

This is how I did it on Debian:

- create a user account on the system (with no password) with a name that matches the login in the ldap database
- modify /etc/pam.d/samba adding "auth sufficient"
- modify "host" and "base" lines of the file /etc/pam_ldap.conf with LDAP infos

This is my setup in RHEL:

# cat /etc/pam.d/samba
auth sufficient
auth include system-auth

(of course exists)

# cat /etc/ldap.conf
base dc=univ-paris1,dc=fr
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman

And I use "encrypt passwords = false" in my /etc/samba/smb.conf file

When I try to access a SMBA share with my login/password, I have this message in /var/log/messages:

Nov 17 19:20:13 sigtest6 smbd[899]: [2008/11/17 19:20:13, 0] auth/pampass.c:smb_pam_passcheck(815)
Nov 17 19:20:13 sigtest6 smbd[899]: smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User xxxx !

The problem probably comes from the PAM configuration but I'm not familiar with it and most of the things I found on the web deal with PDC or admin-rights on the LDAP but not simple client remote ldap authentication.

Any help would be greatly appreciated.


Nicolas Cuissard

Université PARIS 1 - Panthéon Sorbonne
Tel : +33 (0)1 44 07 89 76
Fax : +33 (0)1 44 07 86 10

Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.

redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe