Authentification Problem: MS 2000 - Samba - PAM - LDAP

Post by Joachim Tor » Sat, 06 Oct 2001 03:33:39



Hello,

I have the ambitious goal of doing a domain logon from a Windows 2000
machine, authenticating against a Samba PDC server using pam_ldap.

I'm using Samba-2.2.1; authentication is working fine against
the server itself using encrypted passwords. Assuming that the
pam_ldap module won't work when I use encrypted passwords,
I told my Samba server not to use them.
On the Windows machine I changed the necessary value of the
PlainTextPassword variable. With these changes I cannot log on correctly,
meaning that I am recognised but can't load my server profile.

Normal 'net use' mapping of shares is working under this condition
with the ldap password.

Does anyone know why the domain logon fails? Maybe the machine
password, the user password or the combination?

Please help !

regards

Joachim Tork

 
 
 

Post by Dean Thompso » Sat, 06 Oct 2001 15:37:09


Hi!

> I have the ambitious goal of doing a domain logon from a Windows 2000
> machine, authenticating against a Samba PDC server using pam_ldap.

> I'm using Samba-2.2.1; authentication is working fine against
> the server itself using encrypted passwords. Assuming that the
> pam_ldap module won't work when I use encrypted passwords,
> I told my Samba server not to use them.
> On the Windows machine I changed the necessary value of the
> PlainTextPassword variable. With these changes I cannot log on correctly,
> meaning that I am recognised but can't load my server profile.

> Normal 'net use' mapping of shares is working under this condition
> with the ldap password.

> Does anyone know why the domain logon fails? Maybe the machine
> password, the user password or the combination?

Do the SAMBA logs give you any clues as to what is going wrong ?
You may have to increase the verboseness of the logging file to see what is
really going wrong, but it should tell you at what point the system is
failing.

Keep in mind that as far as I know the standard SAMBA distribution doesn't
make use of the pam_ldap approach (I could be wrong here).  Have you specified
your ldap server in the smb.conf file with the syntax:

ldap server = <ldapserver_1>[:port][,<ldapserver_X>[:port]]*

You might have to get the HEAD or TNG branch versions of SAMBA which do have
LDAP authentication support within them.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 

1. Proftpd + Pam authentification on LDAP serve

Hi,

I need to authenticate the users connecting to a proftpd server with an LDAP
query.

Something like this

1. User connecting on ftp, giving his username and password
2. Proftpd Connecting to LDAP server (or asking PAM to connect to the LDAP
server...)
3. If Username and password match with the LDAP database, access granted
4. else Access denied.

I am currently trying to use PAM, but I would like to know whether PAM is
useless or significant (I mean: important) for this kind of authentication.

When I try to log in with an existing user in the LDAP database, proftpd logs a
bizarre line in its proftp.log:

FTP session opened.
proftpd: decode.c:500: ber_scanf: Assertion `((ber)->ber_opts.lbo_valid==0x2)' failed.
ProFTPD received SIGABRT signal, no core dump.

What does that mean?

I'm using these files :

/usr/local/etc/proftpd.conf
____________________________________________________
some lines ...

AuthPAM on
AuthPAMConfig proftp
# Configuration LDAP
LDAPAuthBinds   off
LDAPServer            ldap.asdf.ch
LDAPDoAuth         on "o=Myasdf,c=CH" "uid=%v"
LDAPDefaultAuthScheme "crypt"
LDAPHomedirOnDemandPrefix /vtx/ftp-www

/etc/pam.d/proftp
______________________________________________________
complete file :

#%PAM-1.0
auth      requisite     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth      requisite     /lib/security/pam_ldap debug
auth      requisite     /lib/security/pam_pwdb.so shadow nullok
#auth      required     /lib/security/pam_shells.so
#account    sufficient   /lib/security/pam_ldap.so
#account    required    /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

Are these files correct ?

Please, if someone has already configured something like what I am trying to
configure, let me know how you did it.
I searched all over the Internet but I did not find any doc about my specific
situation...

Thanks

--
sam
sam at tuxfamily dot org

2. alsa and midiman dio2496

3. LDAP with Pam Authentification

4. Linux Software Map software Mail-Order

5. Last appeal - how do I confugure PAM authentification/login with an LDAP server?

6. Problem printing large files

7. Authentification : PAM-LDAP?

8. RH5.0: SCSI-FutureDomain install failure

9. Kerberos V5 to Windows 2000 AD authentification

10. Problem with MS-CHAP and PPP and authentification

11. Problems connecting to MySQL database in MS Access 2000...

12. (Q)MS-CHAP authentification problem!!!!

13. Problem using PHP 4.0.6 with FreeTDS and MS-SQL-Server 2000
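
The /etc/pam.d/proftp stack posted in the ProFTPD thread above can be checked mechanically. The following is an added example, not part of any post on this page: a small Python linter for a PAM service file. The names `lint`, `BACKENDS` and the `LAYERED` alternative stack are assumptions made for illustration.

```python
import re

# Constructed sample: the auth stack from the post, with the mail-wrapped
# pam_listfile rule joined back onto one line.
POSTED = """\
#%PAM-1.0
auth     requisite  /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth     requisite  /lib/security/pam_ldap debug
auth     requisite  /lib/security/pam_pwdb.so shadow nullok
session  required   /lib/security/pam_pwdb.so
"""
# Constructed alternative (an assumption, not from the post): LDAP success is
# enough on its own, local accounts are the fallback.
LAYERED = """\
auth     sufficient /lib/security/pam_ldap.so
auth     required   /lib/security/pam_pwdb.so shadow nullok use_first_pass
"""
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
TYPES = {"auth", "account", "password", "session"}
BACKENDS = {"pam_ldap", "pam_pwdb", "pam_unix"}  # each checks its own user database

def lint(text):
    """Return (line_number, message) findings for a PAM service file."""
    findings, mandatory = [], []
    for n, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()      # '#' starts a comment
        if not body:
            continue
        m = RULE.match(body)
        if not m or m.group(1) not in TYPES:
            findings.append((n, "not a rule; wrapped line without a trailing backslash?"))
            continue
        mtype, control, path = m.groups()
        name = path.rsplit("/", 1)[-1]
        if not name.endswith(".so"):
            findings.append((n, f"{path} does not end in .so; PAM opens the path as written"))
        # Collect password-checking modules that cannot be skipped.
        if mtype == "auth" and control in ("required", "requisite") \
                and name.split(".")[0] in BACKENDS:
            mandatory.append((n, name))
    if len(mandatory) > 1:
        names = ", ".join(name for _, name in mandatory)
        findings.append((mandatory[-1][0], f"a login must pass every one of: {names}"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(POSTED):
        print(f"line {n}: {msg}")
```

Run on the posted stack, it reports the pam_ldap path without `.so` and the fact that both pam_ldap and pam_pwdb are mandatory, so an account that exists only in LDAP cannot pass the stack.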