I have compiled and installed SAMBA 2.2.0 on a Red Hat 6.2 box. SAMBA was configured with the --with-pam option. I have the nss_ldap package installed.

My goal is to use this SAMBA server as a PDC, and have it use PAM to authenticate to our existing LDAP server (which already does authentication for the E-mail system). On this same Red Hat / SAMBA box, I have for many months had a RADIUS daemon successfully authenticating dialup users to that same LDAP server via PAM.

However, with SAMBA, I'm unable to get smbclient to authenticate successfully, except with usernames and passwords that exist on the local Red Hat server -- for those, it works fine. This is what /etc/pam.d/samba contains (this file came with nss_ldap):

#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so

The SMB log says "Couldn't find user <username>", as if it isn't checking the LDAP server, only the local user database.

I'm sure I'm missing something simple, but does anyone have any pointers? Thanks!

--
Jefferson Davis Williams
Director of Computer and Network Services
Danville Area Community College
2000 East Main Street
Danville, IL 61832
217.443.8871
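Added example, not part of the original thread: a small Python model of how the `sufficient` and `required` control flags in the /etc/pam.d/samba file quoted above combine within each management group. The per-module results are constructed stand-ins for what each module would return for one user, and only the four simple control keywords are modelled.

```python
# PAM stack copied from the /etc/pam.d/samba file quoted in the post.
PAM_SAMBA = """\
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
"""

def parse_stack(text):
    """Return (type, control, module basename, args) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        mtype, control, path, *args = line.split()
        rules.append((mtype, control, path.rsplit("/", 1)[-1], args))
    return rules

def evaluate(rules, mtype, module_ok):
    """Combine per-module results for one management group (auth/account).

    module_ok maps module basename -> bool (constructed sample input).
    """
    failed = False      # a 'required' module has failed
    succeeded = False   # a 'required' or 'requisite' module has passed
    for rtype, control, module, _args in rules:
        if rtype != mtype:
            continue
        ok = module_ok[module]
        if control == "requisite" and not ok:
            return False            # fail immediately
        if control == "sufficient":
            if ok and not failed:
                return True         # success ends the stack here
            continue                # a failed 'sufficient' is ignored
        if control in ("required", "requisite"):
            failed = failed or not ok
            succeeded = succeeded or ok
        # 'optional' results are ignored in this simplified model
    return succeeded and not failed

# Constructed scenarios: which modules accept a given user.
LDAP_ONLY = {"pam_ldap.so": True, "pam_unix_auth.so": False, "pam_unix_acct.so": False}
LOCAL_ONLY = {"pam_ldap.so": False, "pam_unix_auth.so": True, "pam_unix_acct.so": True}
UNKNOWN = {"pam_ldap.so": False, "pam_unix_auth.so": False, "pam_unix_acct.so": False}
```
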
There have been a couple of mails about problems with samba PDC and pam on this list the last days. Maybe they are related to your problem.

Christian

> I have compiled and installed SAMBA 2.2.0 on a Red Hat 6.2 box. SAMBA
> was configured with the --with-pam option. I have the nss_ldap package
> installed.
>
> My goal is to use this SAMBA server as a PDC, and have it use PAM to
> authenticate to our existing LDAP server (which already does
> authentication for the E-mail system). On this same Red Hat / SAMBA
> box, I have for many months had a RADIUS daemon successfully
> authenticating dialup users to that same LDAP server via PAM.
>
> However, with SAMBA, I'm unable to get smbclient to authenticate
> successfully, except with usernames and passwords that exist on the
> local Red Hat server -- for those, it works fine. This is what
> /etc/pam.d/samba contains (this file came with nss_ldap):
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix_auth.so try_first_pass
> account sufficient /lib/security/pam_ldap.so
> account required /lib/security/pam_unix_acct.so
>
> The SMB log says "Couldn't find user <username>", as if it isn't
> checking the LDAP server, only the local user database.
>
> I'm sure I'm missing something simple, but does anyone have any
> pointers? Thanks!
>
> --
>
> Jefferson Davis Williams
> Director of Computer and Network Services
> Danville Area Community College
> 2000 East Main Street
> Danville, IL 61832
> 217.443.8871

_______________________________________________________________________
In a world without walls and fences, who needs windows and gates? (SUN)
On Fri, 27 Apr 2001, Jeff Williams wrote:

> The SMB log says "Couldn't find user <username>", as if it isn't
> checking the LDAP server, only the local user database.

do you have /etc/ldap.conf set up properly? and does:

ldapsearch -ZZ -b "<your LDAP base>" "(uid=username)" "uid" -x

return a dn?

regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
-------------------------------------------
Fortune:
The amount of weight an evangelist carries with the almighty is measured in billigrahams.