#9
16th July 2008
coppermine

Fate is an interesting thing. Now I need to implement LDAP + SAMBA... I have spent four days tackling this and following different manuals. Unfortunately, I am stuck in the phase where I need to modify the PAM settings so that a user in the LDAP database can authenticate against it.
So far I think the problem is with the PAM configuration, because the best result I could obtain is to modify the password during logon (!!!). I.e., I enter the user name followed by the password, but the system prompts me for the old password, the new one, and to confirm the new password! And this behavior is in a loop!

Yes, I can query the LDAP server (with slapcat and getent) and I have installed the nss_ldap.conf and ldap.conf files with the accompanying secret password files. I have also made sure that slapd.conf is more or less tuned and provides a working server.

Interesting stuff is happening with the nscd daemon (nsswitch.conf)... I think there is some caching, and Andrew Tridgell in his Samba by Example suggests disabling it.

The worst part is that there is no good information on the internet regarding pam + nss, or on the combination FreeBSD + SAMBA + LDAP. Mailing lists, bulletins and dedicated sites contain very scattered and very often seriously outdated information.

...

Please point me to good resources or ask for any config files (listing all of them would take up a lot of space). I feel quite lost and I am not far from installing SME server, or at least reinstalling the packages and settings...

System : FreeBSD 7.0-RELEASE, OpenLDAP-2.3, Samba-3.0... + pam_ldap + nss_ldap

Last edited by coppermine; 16th July 2008 at 07:33 PM.