Michael Brown
2014-Jan-26 08:40 UTC
[Samba] Configuring RHEL6 Samba4 DC for local accounts
I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just upgraded from classic with an LDAP backend.

I need to configure the DC with user accounts and since:
* I can't use winbind on a DC
* I can't use SSSD with the sernet packages
it looks like the best thing to use is LDAP.

I've configured it with:

    authconfig --enableldap --enableldapauth --ldapserver=ldap://ad.example.com --ldapbasedn=dc=ad,dc=example,dc=com --enablerfc2307bis --enablekrb5 --update

(I get "error reading information on service winbind: No such file or directory" but I just ignore it as it looks like it configured LDAP)

and added entries to /etc/pam_ldap.conf so it ends up looking like this:

    base dc=ad,dc=example,dc=com
    binddn "CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com"
    bindpw "penguin5t0ry"
    pam_password md5
    uri ldap://ad.example.com
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    tls_checkpeer no

Doing a search from the command line works:

    $ ldapsearch -x -H ldap://ad.example.com -D 'CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com' -W cn=netdirect uidNumber gidNumber cn unixHomeDirectory
    Enter LDAP Password:
    # netdirect, Staff, ad.example.com
    dn: CN=netdirect,OU=Staff,DC=ad,DC=example,DC=com
    cn: netdirect
    uidNumber: 500
    unixHomeDirectory: /net/server1/home/netdirect
    gidNumber: 500

but things just aren't working - PAM isn't looking up any entries. I tried enabling debugging by adding 'debug' to all of the pam_ldap lines in /etc/pam.d and capturing *.debug in syslog, but it didn't show anything.

Help?

M.

--
Michael Brown            | `One of the main causes of the fall of
Systems Consultant       | the Roman Empire was that, lacking zero,
Net Direct Inc.          | they had no way to indicate successful
?: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
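Added example, not part of the original thread and not code from Samba or pam_ldap: a small check over the /etc/pam_ldap.conf settings posted above, reporting how the bind credentials travel. With a ldap:// URI and `ssl no`, the simple bind carries bindpw unencrypted, and `tls_checkpeer no` turns off server certificate verification. The function and constant names are hypothetical, the bind password is replaced with a placeholder, and the hardened variant is constructed for comparison.

```python
# Added example: audit of pam_ldap.conf transport settings (hypothetical names).
# Settings as posted in the message above; bindpw replaced with a placeholder.
POSTED_CONF = """\
base dc=ad,dc=example,dc=com
binddn "CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com"
bindpw "PLACEHOLDER"
pam_password md5
uri ldap://ad.example.com
ssl no
tls_cacertdir /etc/openldap/cacerts
tls_checkpeer no
"""
# Constructed variant: same file with StartTLS and certificate checking enabled.
HARDENED_CONF = POSTED_CONF.replace("ssl no", "ssl start_tls").replace(
    "tls_checkpeer no", "tls_checkpeer yes")


def parse_conf(text):
    """Map each keyword (lower-cased) to the rest of its line."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(conf):
    """Return findings about how the bind credentials reach the server."""
    findings = []
    ssl = conf.get("ssl", "no").lower()  # an absent 'ssl' line means no TLS
    tls_off = ssl in ("no", "off")
    if "bindpw" in conf and tls_off:
        # Simple bind over plain ldap:// exposes the service account password.
        for uri in conf.get("uri", "").split():
            if uri.lower().startswith("ldap://"):
                findings.append("cleartext-bind:" + uri)
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("no-peer-verification")
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)))
```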
Marc Muehlfeld
2014-Jan-26 10:15 UTC
[Samba] Configuring RHEL6 Samba4 DC for local accounts
Hello Michael,

On 26.01.2014 09:40, Michael Brown wrote:
> I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just
> upgraded from classic with an LDAP backend.
>
> I need to configure the DC with user accounts and since:
> * I can't use winbind on a DC
> * I can't use SSSD with the sernet packages
> it looks like the best thing to use is LDAP.

What's wrong with winbind and SSSD?

Have you seen
http://wiki.samba.org/index.php/Local_user_management_and_authentication

Regards,
Marc