Perhaps you should be posting questions such as this
to the samba mailing lists. Although i do think AT
and a few other samba-heads watch SLUG.
Dean
James Peter Gregory wrote:
> On Mon, 15 Jan 2001, Marty wrote:
>
>
>>> man smb.conf
>>>
>>> /ldap
>>>
>>> o ldap filter
>>>
>>> o ldap port
>>>
>>> o ldap root
>>>
>>> o ldap root passwd
>>>
>>> o ldap server
>>>
>>> o ldap suffix
>>>
>>> did you check all these?
>>
>> and, using google, this looked promising
>>
>> http://www.unav.es/cti/ldap-smb-howto.html
>
>
> Ok, first of all I'm not looking at LDAP authentication directly because
> to do that you have to use an experimental branch of samba, and that's not
> acceptable for this project. So all the mentioned sections of man smb.conf
> aren't really relevant (but yes I did look through the man page).
> Furthermore, when I was looking at said man page I couldn't help but
> notice the word experimental in capital letters and coloured bright
> purple.
>
> if you do ./configure --with-ldap on the 2.07 release of samba it will
> give you an error saying that ldap is not supported in this release (I
> find it slightly more concerning that there is a --with-ldap flag on the
> configure for openldap, but I digress).
>
> ie
>
> checking whether to use PAM password database... yes
> checking whether to use LDAP password database... yes
> configure: error: LDAP password database not supported in this version.
> [root@beast source]#
>
> My situation at the moment is that I think the way to go is to get samba
> to authenticate against PAM. There is a pam_ldap module which I'm using on
> my development machine, and it works very well. Compiling with --with-pam
> throws no errors. Looking at the symbols that are in the executables it
> produces, it would appear that it has indeed been built into the server.
>
> In fact, I've also been reading the source code of samba's password
> checking code. I've found the function which does the pam authentication
> and another function which claims to be the core of the password checking
> code. That function is quite interesting. Take a look (from
> source/passdb/pass_check.c):
>
> static BOOL password_check(char *password)
> {
>
> #ifdef WITH_PAM
> /* ... comment which will be relevant if we ever get this working
> */
> return (pam_auth(this_user,password));
> #endif /* WITH_PAM */
> /* ... */
>
> and then there are a whole lot of other authentication methods. WITH_PAM
> is defined. In fact, I put a #define at the start of the file to ensure
> that it was, only to be informed by the compiler that it had already been
> done. Anyway, if pam is defined, the function should return right there.
> Needless to say, this is not ocurring. I put in a few lines at the top of
> that function which basically opened a file and wrote a message to it. The
> message never got written.
>
> I've found patches to the 2.2 tree to fix the configure to add pam
> support, but nothing for the 2.0x series. Does anyone know anything about
> this, or am I barking up the wrong tree entirely here?
>
> tia.
>
> James.
>
>
>> later
>> marty
>>
>>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
