11-17-2008, 05:32 PM
SIG - Pédagogie

pam-ldap authentication for SaMBa (no PDC)

Hello,

I'm moving a Debian server to RHEL 5.2 and I cannot connect to a SaMBa
share using a login/password stored in a remote LDAP server.


This is how I did it on Debian:

- create a user account on the system (with no password) with a name
that matches the login in the ldap database

- modify /etc/pam.d/samba adding "auth sufficient pam_ldap.so"
- modify "host" and "base" lines of the file /etc/pam_ldap.conf with
LDAP info


This is my setup in RHEL:

# cat /etc/pam.d/samba
auth sufficient pam_ldap.so
auth include system-auth

(of course pam_ldap.so exists)

# cat /etc/ldap.conf
host xxx.univ-paris1.fr yyy.univ-paris1.fr zzz.univ-paris1.fr
base dc=univ-paris1,dc=fr
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman


And I use "encrypt passwords = false" in my /etc/samba/smb.conf file

When I try to access a SaMBa share with my login/password, I have this
message in /var/log/messages:


Nov 17 19:20:13 sigtest6 smbd[899]: [2008/11/17 19:20:13, 0] auth/pampass.c:smb_pam_passcheck(815)
Nov 17 19:20:13 sigtest6 smbd[899]: smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User xxxx !


The problem probably comes from the PAM configuration but I'm not
familiar with it and most of the things I found on the web deal with PDC
or admin-rights on the LDAP but not simple client remote ldap
authentication.


Any help would be greatly appreciated.

Regards,

--
Nicolas Cuissard

Université PARIS 1 - Panthéon Sorbonne
SIG-Pédagogie
Tel : +33 (0)1 44 07 89 76
Fax : +33 (0)1 44 07 86 10

--
This message has been checked by MailScanner
for viruses and spam, and nothing
suspicious was found.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
11-17-2008, 06:09 PM
sigpedag

pam-ldap authentication for SaMBa (no PDC)

Seems that using:

authconfig --enableldap --enableldapauth --disablenis --enablecache \
    --ldapserver=xxx.univ-paris1.fr --ldapbasedn=dc=univ-paris1,dc=fr \
    --updateall


And restoring the original /etc/pam.d/samba does the trick.

Regards,

Nicolas

11-17-2008, 06:14 PM
mark

pam-ldap authentication for SaMBa (no PDC)

SIG - Pédagogie wrote:
> Hello,
>
> I'm moving a Debian server on RHEL 5.2 and I cannot connect to a SaMBa
> share using a login/password stored in a remote LDAP server.
>
> This is how I did it on Debian:
<snip>
> (of course pam_ldap.so exists)
<snip>
> The problem probably comes from the PAM configuration but I'm not
> familiar with it and most of the things I found on the web deal with PDC
> or admin-rights on the LDAP but not simple client remote ldap
> authentication.
>
#1: look at /etc/pam.d/system-auth
Make sure that it has the entry for ldap.so in each of the stanzas. Also make
sure that nsswitch.conf is right.

mark


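The check mark suggests, written out as an added example (not code from the thread): it walks a PAM service file, follows its include lines, and reports which management groups (auth, account, password, session) actually reach pam_ldap.so. The sample files are constructed; only the two auth lines come from the original post, while the `account include system-auth` line and the system-auth contents are assumptions chosen to show an account stack with no LDAP entry, the phase named in the smb_pam_account log message.

```python
import os
import re
import tempfile

GROUPS = ("auth", "account", "password", "session")
# type, control (plain word or [bracketed list]), then module path or include target
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules_for(pam_dir, service, group, seen=None):
    """List modules in `group` for `service`, following include/substack lines."""
    seen = set() if seen is None else seen
    if service in seen:                      # guard against include loops
        return []
    seen.add(service)
    try:
        with open(os.path.join(pam_dir, service)) as fh:
            lines = fh.read().splitlines()
    except OSError:                          # missing include target
        return []
    mods = []
    for raw in lines:
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != group:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            mods += modules_for(pam_dir, target, group, seen)
        else:
            mods.append(os.path.basename(target))
    return mods

def ldap_coverage(pam_dir, service, module="pam_ldap.so"):
    """Map each PAM management group to True if `module` appears in its stack."""
    return {g: module in modules_for(pam_dir, service, g) for g in GROUPS}

def demo():
    # Constructed sample files: the two auth lines are from the post; the
    # account line and the system-auth contents are assumptions.
    samba = ("auth sufficient pam_ldap.so\nauth include system-auth\n"
             "account include system-auth\n")
    system_auth = ("auth sufficient pam_unix.so nullok\nauth required pam_deny.so\n"
                   "account required pam_unix.so\n")
    d = tempfile.mkdtemp()
    for name, text in (("samba", samba), ("system-auth", system_auth)):
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
    return ldap_coverage(d, "samba")

if __name__ == "__main__":
    for group, ok in demo().items():
        print("%-8s pam_ldap.so %s" % (group, "present" if ok else "MISSING"))
```

On a real host the call would be `ldap_coverage("/etc/pam.d", "samba")`; a group that reports False is one where an LDAP-only user can pass the auth phase and still be rejected.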