7.3 and ldap

Rick Stevens rstevens at vitalstream.com
Fri Oct 8 22:14:30 UTC 2004


Francisco Ruiz wrote:
(reformatted for bottom posting)

>> Francisco Ruiz wrote:
>> 
>>>I made the mistake of messing around with the ldap.conf file and now 
>>>I'm not able to log in, period.  Is there a workaround for this problem, 
>>>anyone?
>> 
>> 
>> Rick Stevens wrote:
>> 
>> Boot in single user mode (enter "linux single" at the "boot:" prompt).
>> You then have to do some magic:
>> 
>> 	cd /etc
>> 	mv pam.conf pam.conf.backup   # don't worry if pam.conf is missing
>> 	mv pam.d pam.d.backup
>> 	mkdir pam.d
>> 	cd pam.d
>> 	echo "auth required pam_unix.so" >other
>> 	echo "account required pam_unix.so" >>other
>> 	echo "password required pam_unix.so" >>other
>> 	echo "session required pam_unix.so" >>other
>> 
>> Yes, the first "echo" uses a single ">" the other three use two (">>").
>> You should be able to exit from single user mode and reboot and get
>> logged in.  Fix your stuff, then:
>> 
>> 	cd /etc
>> 	rm -rf pam.d
>> 	mv pam.d.backup pam.d
>> 	mv pam.conf.backup pam.conf
>> 
>> to restore the previous PAM setup.  And don't futz with ldap.conf unless
>> you know what you're doing!  ;-)  <snicker!>
>> 

> You guys kick major ass.

[blush!]  Thank you, kind sir.  I assume you're back up and running?

>                        Here is the deal. I have a 7.3 machine running
> samba 3.001 and I had it configured as a regular workgroup server.  I
> need to configure it as a domain member and I need it to authenticate
> users using LDAP, I need it to where I don't need to add users locally.
> I have read the SAMBA how tos and some of the Openldap how tos, but it
> seems the more I read the less I understand.  Can you help?

Let me see if I have this straight.  You want your Linux box to
authenticate users using the Windows DC via Samba so you won't have
to have local Linux-only users.  Is that correct?

If so, then you just need to bugger Samba to have the box join the
domain.  I'm not sure SWAT can do that, but essentially:

1. You must create a machine password for the Windows domain.  Let's
say your Windows domain is "MYWINDOMAIN" and the domain controller
is called "windc.mydomain.com".  Enter this command as the root user to
create the machine password:

	smbpasswd -j MYWINDOMAIN -r windc.mydomain.com

2. Add these entries (or modify existing ones) to the "[global]" section
of your /etc/samba/smb.conf file:

	security = domain
	domain logins = yes
	workgroup = MYWINDOMAIN
	password server = windc.mydomain.com

3. Stop and restart the Samba daemons:

	/etc/rc.d/init.d/samba restart

I heartily suggest you get the O'Reilly "Hornbill" book, "Using Samba".
This is all covered in one of the chapters in there.

By the way, we prefer bottom posting here, Francisco.  I took the
liberty of reformatting your message to match that.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      A day for firm decisions!!!   Well, then again, maybe not!    -
----------------------------------------------------------------------
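
An added example, not part of the original message: a read-only shell check for whether the temporary rescue PAM setup from the quoted steps is still in place, and whether its "other" file received all four lines (the ">" versus ">>" point). The function names and state labels are hypothetical, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example, read-only apart from the constructed demo tree.
# Function names are hypothetical; ETC_DIR defaults to /etc.

# Succeeds only if FILE has a "required pam_unix.so" line for all four PAM types.
other_is_complete() {
    [ -f "$1" ] || return 1
    for t in auth account password session; do
        grep -Eq "^[[:space:]]*$t[[:space:]]+required[[:space:]]+pam_unix\.so" "$1" || return 1
    done
}

# Prints rescue-active, rescue-broken, restore-incomplete or normal.
pam_rescue_state() {
    etc="${1:-/etc}"
    if [ -d "$etc/pam.d.backup" ]; then
        # Backup still present: the stub is live or the restore stopped halfway.
        n=$(ls -A "$etc/pam.d" 2>/dev/null | wc -l | tr -d ' ')
        if [ "$n" = 1 ] && [ -f "$etc/pam.d/other" ]; then
            if other_is_complete "$etc/pam.d/other"; then
                echo rescue-active
            else
                echo rescue-broken
            fi
        else
            echo restore-incomplete
        fi
    elif [ -e "$etc/pam.conf.backup" ]; then
        echo restore-incomplete
    else
        echo normal
    fi
}

# Constructed demo: replay the message's four echo lines in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/pam.d.backup" "$tmp/pam.d"
    for t in auth account password session; do
        echo "$t required pam_unix.so" >>"$tmp/pam.d/other"
    done
    pam_rescue_state "$tmp"
    echo "session required pam_unix.so" >"$tmp/pam.d/other"   # the ">" slip
    pam_rescue_state "$tmp"
    rm -rf "$tmp"
}
demo
```

While "rescue-active" is reported, every PAM service falls through to pam_unix alone, so the check is worth running again after the restore steps to confirm the state is back to "normal".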