Hello All,
I have samba version 3.3.2 installed on a system running Ubuntu Server 9.04
(32-bit). The users trying to mount the samba shares authenticate over the LDAP
server.
Here is what my configuration files look like:
1. /etc/samba/smb.conf
[global]
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
passdb backend = ldapsam:ldaps://ldap1.xetus.com
ldap suffix = dc=xetus,dc=com
2. /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
3. /etc/pam.d/common-auth
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
4. /etc/pam.d/common-account
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
account requisite pam_deny.so
account required pam_permit.so
5. /etc/pam.d/common-password
password requisite pam_cracklib.so retry=3 minlen=8 difok=3
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_smbpass.so nullok use_authtok use_first_pass
6. /etc/pam.d/common-session
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_ck_connector.so nox11
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
I have another system running Ubuntu Server 10.04 (64-bit) where samba version
3.4.7 is installed (using apt-get). The /etc/nsswitch.conf and all the
/etc/pam.d/common-{auth,account,password,session} match the respective files
from Ubuntu Server 9.04 system (described earlier).
Other relevant packages installed on both the systems are winbind,
libpam-smbpass and smbldap-tools. My question is, why does LDAP authentication
work with samba version 3.3.2 and not with samba version 3.4.7 even though the
directives in the configuration files are the same? Am I missing a step here?
Can anyone point me in the right direction on this issue? I would appreciate
all your time and help.
Thanks in advance.
- Amit