On Mon, 15 Jan 2001, Marty wrote:

> > man smb.conf
> > 
> > /ldap
> > 
> >         o      ldap filter
> > 
> >         o      ldap port
> > 
> >         o      ldap root
> > 
> >         o      ldap root passwd
> > 
> >         o      ldap server
> > 
> >         o      ldap suffix
> > 
> > did you check all these?
> 
> and, using google, this looked promising
> 
> http://www.unav.es/cti/ldap-smb-howto.html

Ok, first of all I'm not looking at LDAP authentication directly because
to do that you have to use an experimental branch of samba, and that's not
acceptable for this project. So all the mentioned sections of man smb.conf
aren't really relevant (but yes I did look through the man page). 
Furthermore, when I was looking at said man page I couldn't help but
notice the word experimental in capital letters and coloured bright
purple.

If you do ./configure --with-ldap on the 2.07 release of samba it will
give you an error saying that ldap is not supported in this release (I
find it slightly more concerning that there is a --with-ldap flag on the
configure for openldap, but I digress). 

i.e.

checking whether to use PAM password database... yes
checking whether to use LDAP password database... yes
configure: error: LDAP password database not supported in this version.
[root@beast source]# 

My situation at the moment is that I think the way to go is to get samba
to authenticate against PAM. There is a pam_ldap module which I'm using on
my development machine, and it works very well. Compiling with --with-pam
throws no errors. Looking at the symbols that are in the executables it
produces, it would appear that it has indeed been built into the server. 

In fact, I've also been reading the source code of samba's password
checking code. I've found the function which does the pam authentication
and another function which claims to be the core of the password checking
code. That function is quite interesting. Take a look (from
source/passdb/pass_check.c):

static BOOL password_check(char *password)
{

#ifdef WITH_PAM
    /* ... comment which will be relevant if we ever get this working
    */
    return (pam_auth(this_user,password));
#endif /* WITH_PAM */
/* ... */

and then there are a whole lot of other authentication methods. WITH_PAM
is defined. In fact, I put a #define at the start of the file to ensure
that it was, only to be informed by the compiler that it had already been
done. Anyway, if pam is defined, the function should return right there.
Needless to say, this is not occurring. I put in a few lines at the top of
that function which basically opened a file and wrote a message to it. The
message never got written.

I've found patches to the 2.2 tree to fix the configure to add pam
support, but nothing for the 2.0x series. Does anyone know anything about
this, or am I barking up the wrong tree entirely here?

tia.

James.

> 
> later
> marty
> 
> 

-- 
"I like cats too. Let's exchange recipes." - unknown.



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
