Hi Nathan,

Thank you for your help, but for the moment I do not use PAM ('obey pam restrictions = No' in the Samba configuration).

I tried to test the changes you wrote, but it didn't change anything.

In my OpenLDAP log file, I have the following information:

.....
 Dec  6 18:46:33 PDC slapd[4793]: daemon: activity on 1 descriptors
 Dec  6 18:46:33 PDC slapd[4793]: daemon: activity on:
 Dec  6 18:46:33 PDC slapd[4793]:  24r
 Dec  6 18:46:33 PDC slapd[4793]:
 Dec  6 18:46:33 PDC slapd[4793]: daemon: read activity on 24
 Dec  6 18:46:33 PDC slapd[4793]: daemon: select: listen=6
 active_threads=0 tvp=NULL
 Dec  6 18:46:33 PDC slapd[4793]: conn=3934 op=4 SRCH
 base="dc=serveur,dc=domaine,dc=fr" scope=2 deref=0
 filter="(&(uid=user1)(objectClass=sambaSamAccount))"
 Dec  6 18:46:33 PDC slapd[4793]: conn=3934 op=4 SRCH attr=uid uidNumber
 gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
 sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
 displayName sambaHomeDrive sambaHomePath sambaLogonScript
 sambaProfilePath description sambaUserWorkstations sambaSID
 sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
 objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
 sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
 sambaLogonHours modifyTimestamp
 Dec  6 18:46:33 PDC slapd[4793]: <= bdb_equality_candidates: (uid)
 index_param failed (18)
 Dec  6 18:46:33 PDC slapd[4793]: conn=3934 op=4 SEARCH RESULT tag=101
 err=0 nentries=1 text=
.....


The 'bdb_equality_candidates: (uid) index_param failed (18)' line tells me that there is probably a problem with the 'index' OpenLDAP configuration.

What do you think of that?

Best regards.

Nathan Vidican wrote:

Problem appears to be in your PAM config... you have pam_unix.so
required before pam_ldap; and even then, you have pam_ldap as optional.
You should have something to this effect:

auth   sufficient   pam_ldap.so use_first_pass
auth   required      pam_unix.so

account   sufficient   pam_ldap.so
account   required   pam_unix.so

What you basically need to tell the system, is that IF auth succeeds
from ldap - then it's sufficient, else auth must succeed from unix. What
you were telling the system was that auth from unix MUST succeed, THEN
auth from ldap is ok. It's really a simple fix, but you might want to
read up a bit on your particular O/S's pam configuration.

Also, not to be picky... but you did supply copies of your config files,
(which is good), but it's generally a good idea to have obscured your
passwords, and specific information.

--
Nathan Vidican
[EMAIL PROTECTED]

--
M. FARGET Vincent
IGE - Systems Administrator / Laboratory IT Specialist
UMR 5020 - Laboratoire des Neurosciences et Systemes Sensoriels
Universite Claude Bernard LYON 1 - CNRS
50, avenue Tony Garnier
69366 LYON Cedex 07
## This message is signed with a CNRS certificate ##
http://igc.services.cnrs.fr/Doc/General/trust.html
http://www.urec.cnrs.fr/igc/Certifs_CNRS.html
#####
# For the signature to be valid, you must first
#  retrieve the certificate of the
#  CNRS-Plus certification authority by
#  clicking on the link below:
http://igc.services.cnrs.fr/cgi-bin/viewca?cmd=load&CA=CNRS-Plus&ca=CNRS-Plus
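
Added example (not part of the original messages, and not PAM's own code): a simplified model of the required/requisite/sufficient/optional control flags, showing why the ordering described in the quoted reply rejects an LDAP-only account while the suggested ordering accepts it. The module outcomes and the WITH_LATE_CHECK stack are constructed for illustration, and module arguments such as use_first_pass are not modelled.

```python
# Simplified model of Linux-PAM's classic control flags (added example, not PAM itself).
# Module outcomes are supplied by the caller; nothing here talks to a real PAM stack.

def evaluate(stack, outcome):
    """stack: [(control, module)], outcome: {module: bool}.
    Returns (granted, modules_that_ran)."""
    verdict = None            # None until some module gives a counted result
    ran = []
    for control, module in stack:
        ran.append(module)
        if outcome[module]:
            if verdict is not False:          # a success never erases an earlier failure
                verdict = True
                if control == "sufficient":   # short-circuit: the rest is skipped
                    return True, ran
        elif control == "required":
            verdict = False                   # remembered; remaining modules still run
        elif control == "requisite":
            return False, ran                 # fail immediately
        # a failing 'sufficient' or 'optional' module is ignored
    return verdict is True, ran

# Stack as described in the reply: pam_unix required first, pam_ldap only optional.
DESCRIBED = [("required", "pam_unix.so"), ("optional", "pam_ldap.so")]
# Stack suggested in the reply.
SUGGESTED = [("sufficient", "pam_ldap.so"), ("required", "pam_unix.so")]
# Constructed variant: a requisite check placed after the sufficient module.
WITH_LATE_CHECK = [("sufficient", "pam_ldap.so"),
                   ("requisite", "pam_nologin.so"),
                   ("required", "pam_unix.so")]

# Constructed outcomes: one account known only to LDAP, one known only locally.
LDAP_ONLY = {"pam_unix.so": False, "pam_ldap.so": True, "pam_nologin.so": False}
LOCAL_ONLY = {"pam_unix.so": True, "pam_ldap.so": False, "pam_nologin.so": True}

if __name__ == "__main__":
    for name, stack in [("described", DESCRIBED), ("suggested", SUGGESTED),
                        ("late check", WITH_LATE_CHECK)]:
        for who, outcome in [("ldap-only", LDAP_ONLY), ("local-only", LOCAL_ONLY)]:
            granted, ran = evaluate(stack, outcome)
            print(f"{name:10} {who:10} granted={granted} ran={ran}")
```

The last stack shows the caveat that comes with "sufficient": once pam_ldap.so succeeds, every module listed after it is skipped, so checks that must apply to LDAP accounts belong above that line.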