RE: help with samba and ldap on centos 5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 
Try running this:
 
authconfig --kickstart --enablelocauthorize
 
And see if that does the trick, what you want to see under 'account'
 
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
 
The above command should do the trick.
 
-Ross
 

From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Aaron Bliss
Sent: Monday, August 06, 2007 11:41 AM
To: CentOS mailing list
Subject: Re: help with samba and ldap on centos 5

Hi Ross,
I used authconfig to configure the box.  Here are the configs:

cat /etc/nsswitch.conf | grep -v \#
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files ldap
rpc:        files
services:   files ldap
netgroup:   files ldap
publickey:  nisplus
automount:  files ldap
aliases:    files nisplus

cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

cat /etc/sysconfig/authconfig
USEWINBINDAUTH=no
USEKERBEROS=no
USESYSNETAUTH=no
FORCESMARTCARD=no
USESMBAUTH=no
USESMARTCARD=no
USELDAPAUTH=yes
USEWINBIND=no
USESHADOW=yes
USEDB=no
USEHESIOD=no
USEPASSWDQC=no
USELDAP=yes
USELOCAUTHORIZE=no
USEMD5=yes
USECRACKLIB=yes
USENIS=no

Thanks again.
Aaron

Ross S. W. Walker wrote: 
-----Original Message-----
From: centos-bounces@xxxxxxxxxx 
[mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Aaron Bliss
Sent: Monday, August 06, 2007 11:16 AM
To: centos@xxxxxxxxxx
Subject:  help with samba and ldap on centos 5

Hi everyone; I'm having some trouble with samba on a centos 5 
box; the 
box has been configured to authenticate against an ldap server via 
authconfig....authentication for normal use (console, ssh) works 
great....I'm having some trouble with samba using single ldap 
users or 
local users....It's rather weird, shares in which access restrictions 
are based upon ldap groups are working fine, getent group shows local 
and ldap groups, however attempting to assign access to a share for 
either a single ldap user or a local user doesn't work, and 
produces the 
following error when trying to hit the share:
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User myuser1 !

For local users, I've added local os accounts as well as 
accounts in the 
samba database with smbpasswd
Any ideas? Thanks for your help.
    

Did you use authconfig to configure ldap auth or did you manually edit
the PAM database?

Can you post a copy of your /etc/sysconfig/authconfig,
/etc/pam.d/system-auth, and a copy of your /etc/nsswitch.conf?

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux