Mandi! Richard A Nelson In chel di` si favelave... > I've not used smbldap-tools, but I question the above discourse !
I forgot to mention: the only encryption algorithm/schema supported by both (pam_unix and pam_ldap) seems crypt, so it is perfectly right that works for you. Better: i've not deep experimented, but seems that if you generate the password with pam_ldap also in MD5 they are compatible with pam_unix. The trouble came from the 'LDAP's prepended hash tags' as called by vorlon, eg when you use 'direct ldap' tools like smbldap-tools, but also others, i think all the web interfaces (webmin, phpldapadmin, ...). > But in anycase, I'm glad this works for you, and I'll compare it to the > doc, but unfortunately, there is no one 100% solution that will work > for everyone :( Many only use pam_ldap where it is required (password) > because pam_unix can use libnss_ldap for auth/account. Simply state that on README.Debian, pointing to the wiki as a bonus: it was a bit confusing for me discovering all these log errors, and pam_ldap have to be setup by hand, so proposing another configuration would be only a bonus. So, simply state: - pam_unix (standard pam setup) can 'as is' use ldap password via nss, at least if you use crypt password schema, or if you use some predefined tools to change the password (to be tested...) - pam_ldap have to be used if the password change by the way of an 'direct ldap' tools (some example, to be tested...) - if you (have to) use pam_ldap, consider in the pam auth chain that pam_unix will try an auth by the way of nss, and probably will fail with a log in auth.log if a non-compatible crypt schema are used. Just i'm here: i was really confused the first time i've read your README.Debian: eg, my first setup use pam_ldap also for account and session, not only for auth and password. :-))) For me, point your README.Debian to the wiki, or do an hardcopy of that. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
