[SMS]

[Cheikh]

I have been testing samba, smbldap-tools, OpenLDAP, and nss-pam-ldapd on SMS-2.0 x86 everything seems to be in place but user authentication is not working and I dont know what I need to change to get authentication working correctly. smbldap-useradd is able to add users correctly to the LDAP server but said users are not able to authenticate locally or through ssh. For example when I create a test ldap user with:
:~# smbldap-useradd -m ldapuser its home directory is created under /home/ldapuser
the following command: returns the correct output
:~# getent passwd ldapuser
ldapuser:*:1551:100:System User:/home/ldapuser:/bin/bash

when I do su - ldapuser
:~$ su - ldapuser
Password:
su: Authentication failure

I have changed my /etc/nsswitch.conf to lookup in the LDAP database. I suspect it may have to do with the password mechanism passed between the client and the server but I dont know what to change to have them talk successfully. Some google search shows I need to put in slapd.conf
password-hash {CRYPT}
password-crypt-salt-format "%.2s"

I have made similar changes to smbldap.conf with no success
and change /etc/login.defs
ENCRYPT_METHOD to SHA512 instead of the default SHA256

Please assist if you need more details I will provide them.

[gerasimos_h]

I didn't quite understand what you want to do, but samba and smbldap-tools is for creating virtual users for accessing samba, so the "su" command ain't going to work with those users.
Also to be able to "su" user needs a password, so doing "passwd ldapuser" might help.

gerasimos_h

[Cheikh]

What I am trying to do is create system user account in LDAP using smbldap-useradd and smbldap-passwd. Please note the virtual test account I created is working as expected with samba there is no issue there, but trying to use the same user to login locally isn't working. If this is not supposed to happen this way the attached guide I am using is wrong page 19. Also I notice this service rc.nss-pam-ldapd does not start on boot.

Thanks

[gerasimos_h]

If it's written it should work, or at list worked in the past I, try a similar test configuration based on default SMS setup, and get authentication failure from one user to another.
I also tried lowering the encryption to {CRYPT} in both openldap and shadow but didn't worked.

SASL though working, so I haven't try to use SASL to authenticate for a unix login...

I upgrade samba, smbldap-tools and nss-pam-ldap packages and fix nss-pam-ldap script, and will upload later today.

gerasimos_h

[gerasimos_h]

OK! I spend a little time, and manage to see what the problem is..
For this to work you need to switch to pam authentication by installing (upgradepkg) util-linux in /extra/pam/.
You also need to edit /etc/pam.conf or adding /etc/pam.d/(service) for each service (sshd, su, login e.t.c)
A working config should look like that