thr3ads.net - samba - [Samba] su broken after ldap auth [Jul 2005]

If this information is useful, please help other people find it:
Share via:

Natxo Asenjo

2005-Jul-06 20:33 UTC

[Samba] su broken after ldap auth

hi,

first of all, thanks to all the samba team for your great work and
documentation. Well done!

I have followed the 'By Example' guide, everything is working fine,
except one thing. As indicated on chapter 5, point 14 of Configuration
of smbldap-tools, when I try:

# getent passwd | grep root

I have 2 results, both id 0

root:x:0:0:root:/root:/bin/bash
root:x:0:512:Netbios Domain Administrator:/root:/bin/bash

The problem arises when, as root, I try su-ing to another user. It
asks me for a password! Which is quite embarrassing if the account you
try to su to has none (like the account for the fetchmail daemon, for
instance).

This all on a debian sarge, samba 3.0.14a, openldap 2.2.23.8.

My /etc/pam.d/su is this:

#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth    requisite       pam_wheel.so group=wheel debug
auth       required     /lib/security/pam_unix_auth.so use_first_pass
account    sufficient    /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required   /lib/security/pam_ldap.so use_first_pass use_authtok
session    required     /lib/security/pam_unix_session.so

thanks in advance,

N.Asenjo

Thorsten Reichelt

2005-Jul-06 21:09 UTC

head link

[Samba] su broken after ldap auth

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !> My /etc/pam.d/su is this:
I had the same problem and many more.
Now my pam.d/su looks like this:

#### /etc/pam.d/su ###
auth            sufficient      pam_rootok.so
@include common-auth
@include common-account
@include common-session
######

#### /etc/pam.d/common-auth ####
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure try_first_pass
######

### /etc/pam.d/common-account ###
account sufficient      pam_ldap.so
account required        pam_unix.so try_first_pass
######

### /etc/pam.d/common-session ###
session required        pam_mkhomedir.so skel=/etc/skel_suse/ umask=0022
session required        pam_limits.so
session required        pam_unix.so
session optional        pam_ldap.so
#####

It took me many days to get this working.
I "like" pam. :-)

  Thorsten R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCzEiTbWtKWOfip4sRAk1DAKDNVagpQBXvqSUMnTyArfVaeu9+ugCgg0Dh
7wlvDcBsTdiosA+M8wVuegA=X6my
-----END PGP SIGNATURE-----

Apparently Analagous Threads

Search for more apparently analagous threads

samba - Jul 2005 - su broken after ldap auth

[Samba] su broken after ldap auth

[Samba] su broken after ldap auth

Apparently Analagous Threads