[Pkg-samba-maint] Bug#601667: libpam-smbpass migrate breaks su (squeeze)
Hanspeter Kunz
hkunz at ifi.uzh.ch
Sat Nov 13 09:44:05 UTC 2010
On Fri, 2010-11-12 at 21:20 -0800, Steve Langasek wrote:
> What are the full contents of /etc/pam.d/common-auth on this system?
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
#auth optional pam_smbpass.so migrate
> Do the users you're trying to su to have entries in passdb.tdb? Do they
> have passwords in passdb.tdb?
I have an entry for root but not for other users.
Anyway, I am storing the samba passwords in ldap, so I guess passdb.tdb
is not used anyway.
this is the relevant part of my /etc/samba/smb.conf:
security = user
encrypt passwords = true
passdb backend = ldapsam:"ldap://ldap.ifi.uzh.ch
ldap://ldap-slave.ifi.uzh.ch"
ldap ssl = start tls
ldap admin dn = cn=manager,dc=ifi,dc=uzh,dc=ch
ldap suffix = dc=ifi,dc=uzh,dc=ch
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = People
guest account = nobody
invalid users = root
obey pam restrictions = yes
ldap passwd sync = yes
unix password sync = yes
pam password change = yes
--
Hanspeter Kunz University of Zurich
Systems Administrator Department of Informatics
Email: hkunz at ifi.uzh.ch Binzmühlestrasse 14
Tel: +41.(0)44.63-56714 Office 2.E.07
http://www.ifi.uzh.ch CH-8050 Zurich, Switzerland
Spamtraps: hkunz.bogus at ailab.ch hkunz.bogus at ifi.uzh.ch
---
All is well that ends well.
-- John Heywood
More information about the Pkg-samba-maint
mailing list