Hi forum users,
A couple of years ago, I succeeded in making my server authenticate via LDAP as described in the documentation. At the same time, I configured my Samba server to use OpenLDAP.
It has been working as intended since then, but now I have a problem that I cannot solve even if it seems trivial: I can no longer log into the Samba server as user root. If I run a command like smbclient -I 192.168.1.31 -L myserver and I enter my root password, I am denied access. The command outputs something like this:
Code:
smbclient -I 192.168.1.31 -L myserver
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/etc/openldap/ldap.conf
ldap_init: using /usr/local/etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://ldap.domain.com)
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Enter root's password:
session setup failed: NT_STATUS_LOGON_FAILURE
Obviously, the Samba server is searching through the LDAP entries and fails.
Even though my notes have disappeared, I am quite sure the root user was never included in the DIT and that Samba was working just fine with that.
Maybe I missed checking some configuration files being updated when I went from 10.0 to 10.1-RELEASE. I have checked e.g. the /etc/pam.d/sshd, and for me it seems correct:
Code:
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn try_first_pass
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
session required pam_permit.so
session required /usr/local/lib/pam_mkhomedir.so
password required pam_unix.so no_warn try_first_pass
I can post much more of the configuration and logs. But before I do that, someone might lead me in the right direction.
Any help is much appreciated.
Regards,
Jon Theil Nielsen