I would like to configure samba with PEM (with LDAP). I've already found PAM authentication (with LDAP) configured for ssh on the server. I wanted to know if it was possible to configure PAM to authenticate to another LDAP only for SAMBA.
Is it possible to duplicate /etc/pam_ldap.conf, let it point to another LDAP, and then configure SAMBA to use this new file?
The /etc/pam_ldap.conf
Thanks
Marcello
Moderator's Comments:
Please use CODE tags as required by forum rules!
Last edited by RudiC; 08-26-2016 at 11:07 AM..
Reason: Added CODE tags.
LEARN ABOUT SUNOS
ldapfilter.conf
ldapfilter.conf(4) File Formats ldapfilter.conf(4)
NAME
ldapfilter.conf - configuration file for LDAP filtering routines
SYNOPSIS
/etc/opt/SUNWconn/ldap/current/ldapfilter.conf
DESCRIPTION
The ldapfilter.conf file contains information used by the LDAP filtering routines.
Blank lines and lines that begin with a hash character (#) are treated as comments and ignored. The configuration information consists of
lines that contain one to five tokens. Tokens are separated by white space, and double quotes can be used to include white space inside a
token.
The file consists of a sequence of one or more filter sets. A filter set begins with a line containing a single token called a tag.
The filter set consists of a sequence of one or more filter lists. The first line in a filter list must contain four or five tokens: the
value pattern, the delimiter list, a filter template, a match description, and an optional search scope. The value pattern is a regular
expression that is matched against the value passed to the LDAP library call to select the filter list.
The delimiter list is a list of the characters (in the form of a single string) that can be used to break the value into distinct words.
The filter template is used to construct an LDAP filter (see description below).
The match description is returned to the caller along with a filter as a piece of text that can be used to describe the sort of LDAP search
that took place. It should correctly complete both of the following phrases: "One match description match was found for ..." and "Three
match description matches were found for...."
The search scope is optional, and should be one of base, onelevel, or subtree. If search scope is not provided, the default is subtree.
The remaining lines of the filter list should contain two or three tokens, a filter template, a match description and an optional search
scope.
The filter template is similar in concept to a printf(3C) style format string. Everything is taken literally except for the character
sequences:
%v      Substitute the entire value string in place of the %v.
%v$     Substitute the last word in this field.
%vN     Substitute word N in this field (where N is a single digit 1-9). Words are numbered from left to right within the value starting at 1.
%vM-N   Substitute the indicated sequence of words where M and N are both single digits 1-9.
%vN-    Substitute word N through the last word in value where N is again a single digit 1-9.
EXAMPLES
Example 1: An LDAP Filter Configuration File
The following LDAP filter configuration file contains two filter sets, example1 and example2 onelevel, each of which contains four filter
lists.
# ldap filter file
#
example1
"="             " "     "%v"                            "arbitrary filter"
"[0-9][0-9-]*"  " "     "(telephoneNumber=*%v)"         "phone number"
"@"             " "     "(mail=%v)"                     "email address"
"^.[. _].*"     ". _"   "(cn=%v1* %v2-)"                "first initial"
".*[. _].$"     ". _"   "(cn=%v1-*)"                    "last initial"
"[. _]"         ". _"   "(|(sn=%v1-)(cn=%v1-))"         "exact"
                        "(|(sn~=%v1-)(cn~=%v1-))"       "approximate"
".*"            ". "    "(|(cn=%v1)(sn=%v1)(uid=%v1))"  "exact"
                        "(|(cn~=%v1)(sn~=%v1))"         "approximate"
"example2 onelevel"
"^..$"          " "     "(|(o=%v)(c=%v)(l=%v)(co=%v))"      "exact"        "onelevel"
                        "(|(o~=%v)(c~=%v)(l~=%v)(co~=%v))"  "approximate"  "onelevel"
" "             " "     "(|(o=%v)(l=%v)(co=%v))"            "exact"        "onelevel"
                        "(|(o~=%v)(l~=%v)(co~=%v))"         "approximate"  "onelevel"
"."             " "     "(associatedDomain=%v)"             "exact"        "onelevel"
".*"            " "     "(|(o=%v)(l=%v)(co=%v))"            "exact"        "onelevel"
                        "(|(o~=%v)(l~=%v)(co~=%v))"         "approximate"  "onelevel"
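An added example, not part of the man page or of the Sun LDAP library: a Python reader for the file format and template rules described above, run over a constructed sample taken from the example1 set. The function names are hypothetical; rejoining words with one space, taking the first matching pattern, and the optional RFC 4515 escaping of substituted values are assumptions of this example.

```python
import re
import shlex

def parse_filter_conf(text):  # returns {tag: [filter list, ...]}
    sets, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        tok = shlex.split(line)           # double quotes keep white space inside a token
        if len(tok) == 1:                 # a lone token is a tag: start a new filter set
            sets[tok[0]] = current = []
            continue
        if len(tok) >= 4:                 # first line of a filter list: pattern, delimiters, ...
            current.append({"pattern": tok[0], "delims": tok[1], "filters": []})
            tok = tok[2:]
        scope = tok[2] if len(tok) > 2 else "subtree"   # default scope is subtree
        current[-1]["filters"].append((tok[0], tok[1], scope))
    return sets

def escape_rfc4515(s):  # added hardening step, not part of the file format
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), s)

def expand(template, value, delims, escape=False):  # handles %v, %v$, %vN, %vM-N, %vN-
    words = [w for w in re.split("[%s]+" % re.escape(delims), value) if w] if delims else [value]
    def sub(m):
        spec = m.group(1) or ""
        if spec == "":
            out = value
        elif spec == "$":
            out = words[-1] if words else ""
        else:                             # N, M-N or N-; words are numbered from 1
            hi = int(spec[-1]) if spec[-1].isdigit() else len(words)
            out = " ".join(words[int(spec[0]) - 1:hi])  # assumption: rejoin with one space
        return escape_rfc4515(out) if escape else out
    return re.sub(r"%v(\$|[1-9]-[1-9]|[1-9]-|[1-9])?", sub, template)

def get_filters(sets, tag, value, escape=False):
    for fl in sets[tag]:                  # assumption: the first matching pattern wins
        if re.search(fl["pattern"], value):
            return [(expand(t, value, fl["delims"], escape), d, s) for t, d, s in fl["filters"]]
    return []

SAMPLE = '''# constructed sample: three filter lists from the example1 set
example1
"@"      " "    "(mail=%v)"                     "email address"
"[. _]"  ". _"  "(|(sn=%v1-)(cn=%v1-))"         "exact"
                "(|(sn~=%v1-)(cn~=%v1-))"       "approximate"
".*"     ". "   "(|(cn=%v1)(sn=%v1)(uid=%v1))"  "exact"'''
```

Because template substitution is literal, a value such as `a*` reaches the filter as a wildcard unless the caller escapes it first; calling `get_filters` with `escape=True` shows the difference.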
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWlldap |
+-----------------------------+-----------------------------+
|Stability Level |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ldap_getfilter(3LDAP), ldap_ufn(3LDAP), attributes(5)
SunOS 5.10 9 Jul 2003 ldapfilter.conf(4)