Hey guys,

I'm trying to setup a centralized network authentication with postgresql
and I already have almost the services authenticating via postgresql.
Right now I'm trying to setup samba to also authenticate my users
against postgres database and I can successfully authenticate a user on
a windows desktop to lookup a share by example, but I can't do login on
the domain or even join the domain.
So what I did was compile pdbsql 0.2 against samba 3.0.24 and setup my
smb.conf to use passdb backend of type "pgsql". I also had changed
"encrypt passwords" to "no" as it's necessary for this type of setup.
Additionally I'd setup samba pam configuration to use system's base
setup which use pam_pgsql by the way.
Below there's my configuration files:

/etc/pam.d/samba:
auth include system-auth
account include system-auth
session include system-auth
password include system-auth

/etc/pam.d/system-auth:
auth required pam_env.so
auth sufficient pam_pgsql.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_pgsql.so
account sufficient pam_unix.so
account required pam_deny.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2
ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_pgsql.so use_first_pass
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so

/etc/samba/smb.conf:
workgroup = test
netbios name = server
security = user
encrypt passwords = no
domain master = yes
preferred master = yes
domain logons = yes
passdb backend = pgsqlgsql
pgsqlgsql host = 127.0.0.1
pgsqlgsql user = samba
pgsqlgsql password = samba
pgsqlgsql database = samba
pgsql:table = samba
pgsql:domain column = 'teste'

So as I told, I can use the login/password stored on postgres to access
a shared folder from a windows machine, so the problem is not about
crypted/encrypted password, but if I try to join the domain, even with
the machine account created, I can't do it. I also tried to first join
the domain using the normal samba configuration, and added the machine
account manually to the database, restarted samba with pdbsql
configuration, and tried to login on the domain from the windows
worksation but again I have no success.
With all the tests I did, I can just realize that the problem is about
the machine account lookup on sql backend. Looking at the pdbedit tool I
saw that my workstation account on pdb_pgsql was being returned as an
user account (account flags), so I fixed it changing to workstation
account putting the right value on the table (acct_ctrl field), but
again, the problem persists.
So as I can see, if I do compare the pdbedit output when using pdb_pgsql
against the output when using smbpasswd backend they are almost the
same, except for some account age and login drive/path information.
I've played a lot with samba parameters, pam setup and the data on
database but the problem is always the same, so I start to think that I
will not able to make my domain machines do login on my samba server
using account information stored on postgres database.

Do anybody have some idea about how to fix it? it's really a limitation
of pdbsql backend? or am I going through a wrong way?

Thanks for any help,

Claudinei Matos

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba