[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: PAM and LDAP Problem

One of the pre-head releases of Samba does provide support for ldap

It worked great before I added PAM support....


-----Original Message-----
From: Chris Garrigues [mailto:cwg-dated-c4e2966db994b791@deepeddy.com]
Sent: Friday, July 06, 2001 2:55 PM
To: Norm Dressler
Cc: openldap-software@OpenLDAP.org
Subject: Re: PAM and LDAP Problem

> From:  "Norm Dressler" <ndressler@dinmar.com>
> Date:  Fri, 6 Jul 2001 13:15:49 -0400
> Well, I got things working from PAM, but it broke my other app (samba).
> BTW, uniquemember works if the pam_member_attribute is appropriately set
> the ldap.conf.
> My problem seems to be the password scripts.  Here's some output:
> [root@fpott01 bin]# ./smbpasswd -a ndressler -D 255
> getpwnam(ndressler)
> Building passwd hash table
> Building passwd hash table for the first time
> ndressler not found
> getpwnam(ndressler)
> ndressler not found
> getpwnam(NDRESSLER)
> NDRESSLER not found
> getpwnam(Ndressler)
> Ndressler not found
> getpwnam(ndressleR)
> ndressleR not found
> User "ndressler" was not found in system password file.
> [root@fpott01 bin]# su ndressler
> [ndressler@fpott01 bin]$ passwd
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> passwd: User not known to the underlying authentication module
> [ndressler@fpott01 bin]$ adduser ndressler
> adduser: user ndressler exists
> [ndressler@fpott01 bin]$
> SMBPASSWD seems to be using a call to getpwnam.  Do I have something
> misconfigured where this is not returning the LDAP version?  The passwd
> script seems to have a similar problem, even though the account exists.

Samba doesn't presently have LDAP support, and since Microsoft has it's own
scheme for password encryption, this is a problem.  My "solution" (read:
kludge) was to maintain a smbpasswd file in parallel with my LDAP database.
hope to get rid of this when samba has LDAP support in it.


Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
virCIO                          http://www.virCIO.Com
4314 Avenue C
Austin, TX  78751-3709          +1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.