[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication with SMB+PAM



Hi,

Same behavour on my configuration.
ldapsearch with -U "User" -X "u:User" ... works fine
ldapsearch with -D "cn=User,... doesn't work
In the database entry cn=User,... has a userPassword attribute with a
"{SASL}username" value.

My search in the archive of this mailing list for more information was
unsuccessful...

What is missing ???

Jacques Landru


Jean-Eric Cuendet wrote:
> 
> Hi,
> My setup is as follow:
> OpenLDAP 2.0.7 + SASL 1.5.24 (config with pam_smb) + PAM_SMB
> If I authenticate only with SASL (with sample-server/client) all is fine.
> If I issue ldapsearch/ldapmodify with -D "cn=User..." -U <smb_user> it's
> fine but when doing with only with -D "cn=User...", it's not OK. why?
> If I connect externally, it doesn't work, like with ldapsearch and only -D
> (without -U).
> If I set SHA or MD5 password in userPassword in LDAP, both are working
> (ldapsearch and external programs).
> 
> In such a scenario (SASL->PAM->SMB) what should contain userPassword? Or
> should I have NO userPassword at all?
> 
> Thanks
> -jec
> 
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> Jean-Eric Cuendet
> Linkvest SA
> Av des Baumettes 19, 1020 Renens Switzerland
> Tel +41 21 632 9043  Fax +41 21 632 9090
> http://www.linkvest.com  E-mail: jean-eric.cuendet@linkvest.com
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _