Mark A. Taff wrote:
On Thursday 12 January 2006 18:50, Philip Washington wrote:
Has anybody solved the mystery of how to get LDAP authentication to work with Suse 10? We currently are using a samba PDC with ldap back-end, but we have not been able to get it to authenticate linux systems. We have been able to get it to work with Windows systems though. I have been googling and searching through this newsgroup and I've seen a number of people with the same problem, but nobody with a solution.
Nope. I gave up after a couple weeks trying. I'll try again in a year or two. :-(
Mark
Following is the thread I started in linux.samba
John H Terpstra wrote:
On Sunday 15 January 2006 09:52, Philip Washington wrote:
I have set up a Samba PDC and am trying to get my linux computers to use the PDC for authentication. So far using Suse 10 or RHEL4 I have not been able to accomplish this. I have been searching for 2 days looking for the information or the right combination of information and have not come up with a solution. Does anyone here know of a howto which shows a setup for a linux desktop which can use a Samba PDC so that users in a Domain can use their same logins to login to a linux desktop?
Have you checked chapter 7, section 7.3.5.1? If you have, what problems are you experiencing? I'd really like to make sure that our documentation is correct, so your help would be appreciated.
http://www.samba.org/samba/docs/Samba3-ByExample.pdf
- John T.
Duh. I bought the book but I didn't remember that part. I went to the samba displayed in html form and checked the link and could have sworn it took me to the ADS portion. Well, never mind this part, I just didn't pick up the book and look through it.

Okay, what I accomplished today is getting the logins working via console and gdm xdm.

Things I found that may need correcting:
The html page when clicking on the link points you to a file that references ldap.

passwd: files ldap
shadow: files ldap
group: files ldap

I may be mistaken but I believe that for winbind configuration you need winbind instead of ldap here.

I started with a straight Suse 10 setup with the files needed (I believe). I used Yast2 for my initial configuration and that didn't work. So I borrowed from your book and made some adjustments to the original files based on that. I still have some problems but a domain user can now logon.

Problems I still have that I know of:
1) Users when logging in. System does not create a home directory for them if it's their first time to login. I think there is a PAM module or something like that, that might help, by getting and using their home directories from the file server. If someone has a better idea and/or sees the mistake I made causing this please post.
2) Once a user logs in, they cannot browse the network using the desktop application on Suse. They can see Samba servers and shares, but when they click on a share they can't login. Could something in the smb.conf file have done this? I haven't looked at the Samba PDC logs, but I looked at the file server logs and saw no changes there, like my computer didn't exist.

Here are my configuration files.
nsswitch.conf ------------------------------------------------------------
passwd: compat winbind
group: compat winbind
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files

smb.conf -----------------------------------------------------------------
# I modified the idmaps to match what is on my Samba PDC
#
[global]
    workgroup = DOMTEST
    printing = cups
    security = domain
    netbios name = WRKSTN
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
    smb ports = 139
    name resolve order = wins bcast hosts
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    idmap gid = 16777216-33554431
    idmap uid = 16777216-33554431
    template primary group = "Domain Users"
    template shell = /bin/bash
    winbind separator = +
    hosts allow = 192.168.5.,127.
--------------------------------------------------------------------------

Okay, here is where there is a slight deviation from the Samba3-examples (very slight, I think).

[For those following along, if you're logged into X to make changes to a pam.d file: make changes to your pam.d file, save them, then hit Ctrl-Alt-F1 or Ctrl-Alt-F2, which will take you to a console screen. Once you are there make sure you can log in as root. Hit Ctrl-Alt-F7 to get back to the X window. If you are ssh into the system, create another ssh session before you start or try to make sure you can log in as root via ssh, before logging out of your current session.]

Whatever you do don't directly copy these files onto your system.
Look at Samba3-examples and understand the differences here and change at your own risk.

/etc/pam.d/login ---------------------------------------------------------
#%PAM-1.0
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
auth required pam_mail.so
account include common-account
password include common-password
session include common-session
session required pam_resmgr.so

/etc/pam.d/common-auth ---------------------------------------------------
auth sufficient pam_unix2.so nullok
auth sufficient pam_winbind.so use_first_pass use_authtok
auth required pam_env.so
#auth required pam_unix2.so

/etc/pam.d/common-account ------------------------------------------------
#
#account required pam_unix2.so
account sufficient pam_unix2.so
account sufficient pam_winbind.so use_first_pass use_authtok

/etc/pam.d/common-passwd -------------------------------------------------
password required pam_pwcheck.so nullok
password sufficient pam_winbind.so use_first_pass use_authtok
password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp

/etc/pam.d/common-session ------------------------------------------------
#
#account required pam_unix2.so
account sufficient pam_unix2.so
account sufficient pam_winbind.so use_first_pass use_authtok
--------------------------------------------------------------------------

Basically the changes were using an include file and you don't have to edit /etc/pam.d/gdm, /etc/pam.d/xdm or /etc/pam.d/login, just the common-* files. You can look at it as a way of setting up everything at once or screwing up everything at once :-) .

So I'll still continue to work on my issues noted and find some more, then work on RHEL and then circle back and try to do LDAP authentication through the ldap server on the SambaPDC.
I started with winbind because after looking around it seemed that it might be the easiest to configure and I need to get these desktops up pretty quick.
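
A check over the common-* files quoted in the post, as an added example that is not part of the original thread: with `session include common-session`, PAM takes only the `session` lines from the included file, so a file holding only `account` lines contributes nothing to the session stack. The file-name-to-type mapping and the third sample file (including its pam_mkhomedir line) are assumptions made for this sketch.

```python
# Added example: lint for the common-* PAM include files quoted in the post.
PAM_TYPES = {"auth", "account", "password", "session"}
# File name -> rule type it should hold (assumed from the SUSE file names).
EXPECTED = {"common-auth": "auth", "common-account": "account",
            "common-password": "password", "common-session": "session"}

def parse_rules(text):
    """Return (type, control, module) for each active rule; simple controls only."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(fields) >= 3 and fields[0] in PAM_TYPES:
            rules.append((fields[0], fields[1], fields[2]))
    return rules

def lint(name, text):
    """Return a list of findings for one include file."""
    want, findings = EXPECTED[name], []
    rules = parse_rules(text)
    for rtype, _control, module in rules:
        if rtype != want:
            findings.append(
                f"{name}: {rtype} rule ({module}) is skipped by '{want} include {name}'")
    own = [r for r in rules if r[0] == want]
    if not own:
        findings.append(f"{name}: no {want} rules, so the include adds nothing")
    elif all(control == "sufficient" for _t, control, _m in own):
        findings.append(f"{name}: every {want} rule is 'sufficient'; no rule must pass")
    return findings

# Constructed inputs: the first two are the file bodies as posted above.
POSTED_SESSION = """#
#account required pam_unix2.so
account sufficient pam_unix2.so
account sufficient pam_winbind.so use_first_pass use_authtok
"""
POSTED_ACCOUNT = POSTED_SESSION   # the post shows identical text for both files
# Hypothetical session file; pam_mkhomedir creates a missing home directory at login.
SAMPLE_SESSION = """session required pam_unix2.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
"""

if __name__ == "__main__":
    for name, body in (("common-session", POSTED_SESSION),
                       ("common-account", POSTED_ACCOUNT),
                       ("common-session", SAMPLE_SESSION)):
        print(name, lint(name, body) or "ok")
```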