Displaying 20 results from an estimated 46 matches for "pam_filter".
2007 Nov 05
1
use of pam_filter with LDAP
...se pam filters to authenticate users on LDAP 2.3 with
Samba-3.0.26a on a Fedora Core 7
For information, samba is compiled with the --with-ldapsam option (2.0
LDAP schema)
Basic LDAP authentication works well, when I type 'getent passwd', all
my users are displayed.
Now I want to use the pam_filter option in the /etc/ldap.conf file, but
I can't make it work:
For example, with pam_filter objectclass=supannPerson, getent passwd
returns the same list as when I don't use the filters
- Here's the ldap.conf file:
base dc=tata,dc=toto,dc=fr
binddn cn=XXXXX,dc=tata,dc=toto,dc=fr
bi...
2010 Feb 05
1
/etc/ldap.conf pam_filter
Hi,
we use an openldap server / samba as domain controller for our
windows/linux workstations. on a specific server, login should only
be allowed, if the certain user is member of a group (let's call this
group "login"). All the users in the domain are members of the group
"Domain Users". Therefore their primary gid is not the login-group's gid.
How can I make the
2006 Nov 06
1
Samba with AD
...e sub
#scope one
#scope base
# Search timelimit
#timelimit 30
# Bind timelimit
#bind_timelimit 30
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user ha...
2010 Feb 03
1
Winbind Auth - prevent some users from logging on
...reason for this is that I feel winbindd does a better job of
failing over from an unavailable authentication server than pam_ldap.
In any case - I have it all working well on CentOS 5.4, but my only dilemma
is how to prevent unwanted users from logging onto servers. Using pam_ldap
we would use the pam_filter option in ldap.conf to define who we wanted to
allow to login using an LDAP attribute.
Is there a setting in smb.conf or some other winbind mechanism for defining
who is allowed to login?
Note - this should include not only console, but ssh and any other service
that uses the system-auth PAM.
Ma...
2014 Feb 04
1
Creating samba4/AD users from ADUC
...can't I tell samba-tool to give the user a unixHomeDirectory :( )
In my ldap.conf, I'm using:
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember member
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute gecos displayName
pam_login_attribute sAMAccountName
pam_filter objectclass=posixAccount
pam_password ad
What are people doing for maintaining their Unix accounts in AD? Should
all the unix accounts also have oc posixAccount?
Also, looks like samba-tool isn't adding the msSFU30NisDomain - this
makes the Unix attributes not enabled in ADUC. It should proba...
2006 Feb 08
2
ldap authentication without 'ldap filter' parameter
...in' attribute (we cannot use
the 'uid' attribute) and the gecos has to start with the '#' character
for the user to be authenticated.
But my problem is that I can't parameter the /etc/ldap.conf file to use
these filters.
I tried to put this in the /etc/ldap.conf file :
pam_filter iufmLogin=%s
pam_login_attribute iufmLogin
But the system seems to ignore these filters and it only uses the 'uid'
attribute when I try the 'getent passwd' command.
Can someone explain to me how to do this correctly?
Thanks
Norbert Gomes
2009 Mar 04
0
Can anyone comment on my setup?
...tware with exponential backoff, soft will fail
# immediately.
#bind_policy hard
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
idle_timelimit 3600
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user ha...
2009 Apr 01
5
Samba + LDAP = SLOW Help please
...es
[print$]
comment = Printer Driver Download Area
path = /etc/samba/drivers
browseable = yes
guest ok = yes
read only = yes
================
/etc/ldap.conf
uri ldap://x.x.x.x
base dc=test
binddn cn=Directory Manager
bindpw xxxx
#pam_password exop
#pam_filter objectclass=sambaSamAccount
nss_base_passwd ou=Users,dc=test
nss_base_shadow ou=Users,dc=test
nss_base_group ou=NTGroups,dc=test
ssl no
2010 Jul 27
2
Samba LDAP ignores group information
...userPassword: {CRYPT}c28JIqzpe43e
shadowLastChange: 14817
shadowMax: 9999
Here's /etc/ldap.conf
base dc=example,dc=com
uri ldapi:///127.0.0.1
uri ldap://127.0.0.1
ldap_version 3
binddn cn=admin,dc=example,dc=com
bindpw mysecret
rootbinddn cn=admin,dc=example,dc=com
scope sub
bind_policy soft
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_check_host_attr yes
pam_member_attribute memberUid
pam_password md5
nss_base_passwd ou=people,dc=example,dc=com?sub
nss_base_passwd ou=computers,dc=example,dc=com?sub
nss_base_group ou=groups,dc=example,dc=com?sub
And the smbldap.conf:
SID=&qu...
2002 Sep 23
1
Samba-LDAP with custom object class
...=1.3,id=1"
ldap filter = "(&(login=%u)(objectclass=sambaAccount))"
------------------ end - smb.conf ---------------------
The file /etc/ldap.conf
------------------- ldap.conf -----------------------
pam_login_attribute uid
pam_filter objectclass=myPerson
------------ end - ldap.conf ----------------------
The file /etc/nsswitch.conf ( on the directory server and on the samba server):
----------- nsswitch.conf --------------------
nss_base_passwd id=1.3.3,id=1.3,id=1
nss_base_shadow id=1.3.3,id=1.3,id=1
n...
2003 Dec 27
1
smbpasswd -a -m machine fails: "Failed to modify password entry"
...$
uidNumber: 10090
gidNumber: 502
homeDirectory: /home/admeta
loginShell: /bin/false
description: machine
l: ver
userPassword:: e1NNRDV9VnFXV0F0Z2JBKzVyYTFLN2VwVzVIOGlUM3h3PQ==
The machine is in group ou=hardware. My /etc/ldap.conf is:
URI ldap://localhost:389/
BASE dc=bbs1-emden,dc=schule
pam_filter objectclass=posixAccount
pam_login_attribute uid
nss_base_passwd ou=accounts,dc=bbs1-emden,dc=schule?one
nss_base_group ou=groups,dc=bbs1-emden,dc=schule?one
My smb.conf is:
[global]
workgroup = BBS1_EMDEN
passdb backend = ldapsam:ldap://fileserver...
2004 Jul 06
0
where is smbgroupedit and different other questions to Samba & AD
...ase_group DC=DAP,DC=local
nss_map_objectclass posixAccount user
nss_map_attribute uid msSFUName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn msSFUName
nss_map_attribute userPassword msSFUPassword
nss_map_attribute uniqueMember member
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password ads
pam_filter objectclass=posixAccount
spnego yes
Nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns winbind
networks: files dns
services: files
protocols: files
rpc: files
ether...
2016 Jan 26
2
Samba Hylafax PAM
....so
and check the content of :
/etc/pam_ldap.conf
And this as example adjust as needed.
base dc=domain,dc=local
uri ldap://dc01.domain.local/ ldap://dc02.domain.local/
ldap_version 3
binddn auth_ldap_user at domain.local
bindpw password
rootbinddn auth_ldap_user at domain.local
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password crypt
^^ test with and without the pam_password crypt
And test with
pam_password bind
Greetz,
Louis
From: Marcel Ebbrecht [mailto:m.ebbrecht at dortmundit.de]
Sent: Monday 25 January 2016 19:54
Aa...
2005 Jul 14
0
[Fwd: Re: Dovecot and ActiveDirectory]
...posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
xxxuser is a read-only account in the AD.
/etc/pam.conf:
...
dovecot auth required /opt/RDGpldap/lib/pam_ldap.so
dovecot account required /opt/RDGpldap/lib/pam_ldap.so
dovecot session required /opt/RDGpldap/lib/pam_...
2003 Aug 28
0
Samba3+ads+winbindd works but!!
...atreides.cc.ad.itu.edu.tr
base dc=cc,dc=ad,dc=itu,dc=edu,dc=tr
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember Member
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
nothing seems bad, my samba works well, but I've got a problem like:
when i use the command "wbinfo" it cannot give me the right uid (not the same
with PDC)
[root@atolye4 lib]# id unalgu
uid=26198(unalgu) gid=100(users) groups=100(users)
[root@atoly...
2003 Jan 28
1
ldap_modify_s Insufficient access
...d[28505]: pam_ldap: ldap_modify_s
Insufficient access
Can you please help, because this is a very important issue for us! Thanks
in advance,
Thorsten.
Some conf-stuff:
/etc/openldap/ldap.conf
host 192.168.1.1
base dc=tdm-consult, dc=com
ssl no
# for nss_ldap
crypt des
# for pam_ldap
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_crypt local
pam_password crypt
ldap_version 3
/etc/openldap/slap.conf
suffix "dc=tdm-consult,dc=com"
rootdn "cn=tdm,dc=tdm-consult,dc=com"
rootpw {crypt}...
/etc/pam.d/passwd
a...
2007 Dec 19
0
editpostfix setup
...p alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 50000-500000
#logging
log level = 1
---
my nsswitch/pam /etc/ldap.conf
---
ssl off
suffix "dc=th-domain,dc=lan"
uri ldap://localhost
pam_password exop
rootbinddn "cn=root,dc=th-domain,dc=lan"
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=peoples,dc=th-domain,dc=lan
nss_base_shadow ou=peoples,dc=th-domain,dc=lan
nss_base_group ou=groups,dc=th-domain,dc=lan
nss_base_hosts ou=hosts,dc=th-domain,dc=lan
scope one
----
2003 Oct 13
0
ADS users on RedHat 9 Samba 3
...false
}
LDAP.CONF
host 140.100.10.150
base dc=datanat,dc=com
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember Member
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
pam_login_attribute sAMAccountName
pam_filter objectclass=User
ssl no
pam_password ad
ldap_version 3
binddn cn=Administrator,cn=Users,dc=datanat,dc=com
bindpw dc030103
port 389
Thanks for the support!!!
2004 Sep 02
0
Samba / LDAP no account in domain
...p
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
ldap ssl = start tls
ldap passwd sync = yes
/etc/ldap.conf
uri ldaps://ldap2.adastral.ucl.ac.uk:636
base dc=adastral,dc=ucl,dc=ac,dc=uk
rootbinddn cn=nssldap,ou=DSA,dc=adastral,dc=ucl,dc=ac,dc=uk
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_template_login_attribute uid
pam_password md5
nss_base_passwd ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk?one
nss_base_shadow ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk?one
nss_base_group ou=Group,dc=a...
2003 Aug 26
1
change password on w2k workstation
....*dc=unigiciel,dc=com"
attrs=userPassword,sambaLMPassword,sambaNTPassword
by dn="cn=manager,dc=unigiciel,dc=com" write
by self write
by anonymous auth
by * read
my /etc/ldap.conf
ssl no
port 389
rootbinddn cn=manager,dc=mydomain,dc=com
pam_filter objectclass=posixAccount
pam_login_attribute uid
My samba version samba-3.0.0beta3-1
my pam login
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pa...