pam-ldap authentication for SaMBa (no PDC)
sigpedag
sigpedag at univ-paris1.fr
Mon Nov 17 19:09:27 UTC 2008
SIG - Pédagogie wrote:
> Hello,
>
> I'm moving a Debian server to RHEL 5.2 and I cannot connect to a SaMBa
> share using a login/password stored in a remote LDAP server.
>
> This is how I did it on Debian:
>
> - create a user account on the system (with no password) with a name
> that matches the login in the ldap database
> - modify /etc/pam.d/samba adding "auth sufficient pam_ldap.so"
> - modify "host" and "base" lines of the file /etc/pam_ldap.conf with
> LDAP infos
>
> This is my setup in RHEL:
>
> # cat /etc/pam.d/samba
> auth sufficient pam_ldap.so
> auth include system-auth
>
> (of course pam_ldap.so exists)
>
> # cat /etc/ldap.conf
> host xxx.univ-paris1.fr yyy.univ-paris1.fr zzz.univ-paris1.fr
> base dc=univ-paris1,dc=fr
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
>
> And I use "encrypt passwords = false" in my /etc/samba/smb.conf file
>
> When I try to access a SaMBa share with my login/password, I have this
> message in /var/log/messages:
>
> Nov 17 19:20:13 sigtest6 smbd[899]: [2008/11/17 19:20:13, 0] auth/pampass.c:smb_pam_passcheck(815)
> Nov 17 19:20:13 sigtest6 smbd[899]: smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User xxxx !
>
> The problem probably comes from the PAM configuration but I'm not
> familiar with it and most of the things I found on the web deal with PDC
> or admin-rights on the LDAP but not simple client remote ldap
> authentication.
>
> Any help would be greatly appreciated.
Seems that using:
authconfig --enableldap --enableldapauth --disablenis --enablecache \
  --ldapserver=xxx.univ-paris1.fr --ldapbasedn=dc=univ-paris1,dc=fr \
  --updateall
And restoring the original /etc/pam.d/samba does the trick.
Regards,
Nicolas
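
Added example, not part of the original message: the log quoted above reports a failure in the account phase (smb_pam_account), while the modified /etc/pam.d/samba quoted above contains only auth lines. The shell function below lists the management groups a PAM service file leaves undefined, which Linux-PAM then takes from /etc/pam.d/other. The function name pam_missing_types and the sample file are constructed for illustration, and Debian-style @include lines are not followed.

```shell
#!/bin/sh
# pam_missing_types (hypothetical helper name): print the PAM management
# groups (auth, account, password, session) that have no entry in a
# service file. Lines using "include" as the control field (RHEL style)
# count as defining their type; "@include" directives are not followed.
pam_missing_types() {
    # $1: path to a PAM service file, e.g. /etc/pam.d/samba
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            t = $1
            sub(/^-/, "", t)         # "-auth ..." still defines type auth
            seen[t] = 1
        }
        END {
            n = split("auth account password session", want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen))
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }
    ' "$1"
}

# Constructed sample: the two lines of the modified service file quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth sufficient pam_ldap.so
auth include system-auth
EOF
echo "types with no entry: $(pam_missing_types "$sample")"
rm -f "$sample"
```

An empty result means all four types are defined in the file itself; any type listed is worth comparing against the distribution's original service file before suspecting the LDAP settings.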