ALT Linux sysadmins discussion
* [Sysadmins] Samba + nss_ldap+ pam_ldap -->getent
@ 2009-05-18 12:45 Igor Golovichev
From: Igor Golovichev @ 2009-05-18 12:45 UTC (permalink / raw)
  To: ALT Linux sysadmin discuss

Good afternoon.

I have set up samba + openldap + nss_ldap + pam_ldap + smbldap-tools.

User management with smbpasswd works: users are added, deleted, and so on.

But the command
getent passwd
shows only local users, and when a samba user connects, the error returned is:
no local user.

File /etc/nss_ldap.conf

host 127.0.0.1
base dc=moskva,dc=local
uri ldap://localhost
binddn cn=admin,dc=moskva,dc=local
bindpw secret
rootbinddn cn=admin,dc=moskva,dc=local
timelimit 5
bind_timelimit 5
pam_member_attribute gid
pam_login_attribute uid
pam_password crypt
nss_base_passwd         ou=Users,dc=moskva,dc=local?one
nss_base_shadow         ou=Users,dc=moskva,dc=local?one
nss_base_group          ou=Group,dc=moskva,dc=local?one
nss_reconnect_tries 1
nss_reconnect_maxconntries 1

The /etc/pam_ldap.conf file is almost identical.

# cat /etc/pam_ldap.conf |grep -v "#"
host 127.0.0.1
base dc=moskva,dc=local
uri ldap://localhost
bindpw secret
rootbinddn cn=admin,dc=moskva,dc=local
timelimit 5
bind_timelimit 5
pam_password crypt
nss_base_passwd         ou=Users,dc=moskva,dc=local?one
nss_base_shadow         ou=Users,dc=moskva,dc=local?one
nss_base_group          ou=Group,dc=moskva,dc=local?one

# cat /etc/nsswitch.conf |grep -v "#"
passwd: files winbind ldap
shadow: tcb files winbind ldap
group: files winbind  ldap
hosts:      files nisplus nis dns
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
bootparams: nisplus [NOTFOUND=return] files
netgroup:   nisplus
publickey:  nisplus
automount:  files nisplus
aliases:    files nisplus


#cat /etc/pam.d/system-auth-ldap |grep -v "#"

auth     sufficient     pam_tcb.so shadow fork prefix=$2a$ count=8 nullok
auth     requisite      pam_succeed_if.so uid >= 500 quiet
auth     required       pam_ldap.so use_first_pass
account  sufficient     pam_tcb.so shadow fork
account  required       pam_ldap.so
password required       pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password sufficient     pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 nullok write_to=tcb
password requisite      pam_succeed_if.so uid >= 500 quiet
password required       pam_ldap.so use_authtok
session  optional       pam_tcb.so
session  optional       pam_ldap.so
session  required       pam_mktemp.so
session  required       pam_limits.so

# cat /etc/pam.d/system-auth-winbind |grep -v "#"
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so

# cat /etc/pam.d/samba |grep -v "#"
auth     required       pam_winbind.so
auth     required       pam_nologin.so
account  required       pam_stack.so    service=system-auth
session  required       pam_stack.so    service=system-auth
auth     required       pam_stack.so    service=system-auth
account  sufficient     pam_winbind.so
password required       pam_winbind.so


system-auth -> system-auth-ldap


-- 
Best regards, Igor Golovichev
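As an added illustration (not part of the original message), a small Python checker that parses the nss_ldap.conf and nsswitch.conf directives quoted above and reports what they imply for getent: which databases actually consult ldap, that the `?one` scope limits lookups to entries directly under ou=Users / ou=Group, and that a bindpw in nss_ldap.conf is readable by every process doing lookups. The sample input is constructed from the post's own values; the finding codes are the example's own.

```python
# Added example (not from the thread). Constructed sample input below reduces the
# nss_ldap.conf / nsswitch.conf quoted in the post to the directives checked here.
NSS_LDAP_CONF = """\
base dc=moskva,dc=local
binddn cn=admin,dc=moskva,dc=local
bindpw secret
rootbinddn cn=admin,dc=moskva,dc=local
nss_base_passwd         ou=Users,dc=moskva,dc=local?one
nss_base_group          ou=Group,dc=moskva,dc=local?one
"""
NSSWITCH_CONF = """\
passwd: files winbind ldap
group: files winbind  ldap
"""

def parse_ldap_conf(text):
    """ldap.conf style: 'key<whitespace>value', '#' comments; later keys win."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def parse_nsswitch(text):
    """nsswitch.conf style: 'database: source source ...'."""
    order = {}
    for line in text.splitlines():
        db, sep, sources = line.split("#", 1)[0].partition(":")
        if sep:
            order[db.strip()] = sources.split()
    return order

def check(ldap_text, nsswitch_text):
    """Return (code, detail) findings for the passwd and group databases."""
    conf, order = parse_ldap_conf(ldap_text), parse_nsswitch(nsswitch_text)
    findings = []
    for db in ("passwd", "group"):
        if "ldap" not in order.get(db, []):
            findings.append(("no-ldap-source", db))  # getent never asks LDAP
        # nss_base_* is 'base?scope[?filter]'; nss_ldap's default scope is sub.
        base, _, rest = conf.get("nss_base_" + db, conf.get("base", "")).partition("?")
        if (rest.split("?")[0] or "sub") == "one":
            # scope one returns only entries directly under the base; accounts
            # placed in any sub-OU exist in LDAP but never show up in getent.
            findings.append(("scope-one", db + ": " + base))
    if "bindpw" in conf:
        # nss_ldap.conf must be world-readable (every resolving process reads it),
        # so this password is public; use rootbinddn + root-only /etc/ldap.secret.
        findings.append(("cleartext-bindpw", conf.get("binddn", "")))
    return findings
```

Run `check(NSS_LDAP_CONF, NSSWITCH_CONF)` to get the findings for the quoted configuration; feeding it the real files from a host reports the same three classes of issue.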

