[CentOS] help with samba and ldap on centos 5

Mon Aug 6 15:48:14 UTC 2007
Ross S. W. Walker <rwalker at medallion.com>

 
Try running this:
 
authconfig --kickstart --enablelocauthorize
 
And see if that does the trick. What you want to see under 'account' is:
 
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
 
The above command should do the trick.
 
-Ross
 


________________________________

	From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Aaron Bliss
	Sent: Monday, August 06, 2007 11:41 AM
	To: CentOS mailing list
	Subject: Re: [CentOS] help with samba and ldap on centos 5
	
	
	Hi Ross,
	I used authconfig to configure the box.  Here are the configs:
	
	cat /etc/nsswitch.conf | grep -v \#
	passwd:     files ldap
	shadow:     files ldap
	group:      files ldap
	hosts:      files dns
	bootparams: nisplus [NOTFOUND=return] files
	ethers:     files
	netmasks:   files
	networks:   files
	protocols:  files ldap
	rpc:        files
	services:   files ldap
	netgroup:   files ldap
	publickey:  nisplus
	automount:  files ldap
	aliases:    files nisplus
	
	cat /etc/pam.d/system-auth
	#%PAM-1.0
	# This file is auto-generated.
	# User changes will be destroyed the next time authconfig is run.
	auth        required      pam_env.so
	auth        sufficient    pam_unix.so nullok try_first_pass
	auth        requisite     pam_succeed_if.so uid >= 500 quiet
	auth        sufficient    pam_ldap.so use_first_pass
	auth        required      pam_deny.so
	
	account     required      pam_unix.so broken_shadow
	account     sufficient    pam_succeed_if.so uid < 500 quiet
	account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
	account     required      pam_permit.so
	
	password    requisite     pam_cracklib.so try_first_pass retry=3
	password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
	password    sufficient    pam_ldap.so use_authtok
	password    required      pam_deny.so
	
	session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
	session     optional      pam_keyinit.so revoke
	session     required      pam_limits.so
	session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
	session     required      pam_unix.so
	session     optional      pam_ldap.so
	
	cat /etc/sysconfig/authconfig
	USEWINBINDAUTH=no
	USEKERBEROS=no
	USESYSNETAUTH=no
	FORCESMARTCARD=no
	USESMBAUTH=no
	USESMARTCARD=no
	USELDAPAUTH=yes
	USEWINBIND=no
	USESHADOW=yes
	USEDB=no
	USEHESIOD=no
	USEPASSWDQC=no
	USELDAP=yes
	USELOCAUTHORIZE=no
	USEMD5=yes
	USECRACKLIB=yes
	USENIS=no
	
	Thanks again.
	Aaron
	
	Ross S. W. Walker wrote: 

			-----Original Message-----
			From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Aaron Bliss
			Sent: Monday, August 06, 2007 11:16 AM
			To: centos at centos.org
			Subject: [CentOS] help with samba and ldap on centos 5
			
			Hi everyone; I'm having some trouble with samba on a centos 5 box; the
			box has been configured to authenticate against an ldap server via
			authconfig....authentication for normal use (console, ssh) works
			great....I'm having some trouble with samba using single ldap users or
			local users....It's rather weird, shares in which access restrictions
			are based upon ldap groups are working fine, getent group shows local
			and ldap groups, however attempting to assign access to a share for
			either a single ldap user or a local user doesn't work, and produces the
			following error when trying to hit the share:
			smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User myuser1 !
			
			For local users, I've added local os accounts as well as accounts in the
			samba database with smbpasswd
			Any ideas? Thanks for your help.
			    

		
		Did you use authconfig to configure ldap auth or did you manually edit
		the PAM database?
		
		Can you post a copy of your /etc/sysconfig/authconfig,
		/etc/pam.d/system-auth, and a copy of your /etc/nsswitch.conf?
		
		-Ross
		


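An added illustration, not part of the original thread: a simplified Python model of Linux-PAM control-flag evaluation, run over the posted 'account' stack and over the stack listed in the reply at the top (with pam_localuser.so). The per-module return values are constructed assumptions for a local account with uid >= 500, not output from the poster's system.

```python
import re

# 'account' stacks from the thread: BEFORE is the posted system-auth,
# AFTER is the stack listed in the reply (pam_localuser.so added).
BEFORE = """\
account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
"""
_lines = BEFORE.splitlines()
AFTER = "\n".join(_lines[:1] + ["account     sufficient    pam_localuser.so"] + _lines[1:])

# Linux-PAM's simple control keywords written as [value=action] maps.
SIMPLE = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

def parse(stack):
    """Yield (action_map, module) for each line of a PAM stack."""
    for line in stack.splitlines():
        ctl, module = re.match(r"\s*\S+\s+(\[[^\]]*\]|\S+)\s+(\S+)", line).groups()
        if ctl.startswith("["):
            yield dict(kv.split("=") for kv in ctl[1:-1].split()), module
        else:
            yield SIMPLE[ctl], module

def evaluate(stack, results):
    """Simplified model (no jump counts or 'reset'): True if the stack succeeds."""
    failed = seen_ok = False
    for actions, module in parse(stack):
        action = actions.get(results[module], actions["default"])
        if action == "die":
            return False
        if action == "bad":
            failed = True
        elif action in ("ok", "done"):
            seen_ok = True
            if action == "done" and not failed:
                return True   # 'sufficient' success ends the stack here
    return seen_ok and not failed

# Constructed return values (assumptions) for a local account with uid >= 500.
LOCAL_LDAP_DOWN = {"pam_unix.so": "success", "pam_localuser.so": "success",
                   "pam_succeed_if.so": "auth_err", "pam_ldap.so": "authinfo_unavail",
                   "pam_permit.so": "success"}
LOCAL_LDAP_UP = dict(LOCAL_LDAP_DOWN, **{"pam_ldap.so": "user_unknown"})
```

In this model the posted stack fails the local account whenever pam_ldap.so returns anything other than success or user_unknown, while the stack with pam_localuser.so returns success before pam_ldap.so is consulted.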