
Re: Autentificación LDAP con PAM (sin NSS)



Mira, esta es la configuración que tengo y funciona bien.
Uso Debian Lenny.

/etc/pam_ldap.conf
# pam_ldap client settings: search base, server URI and protocol version.
base dc=dominio,dc=ejemplo,dc=cu
# NOTE(review): ldap:// is the cleartext scheme and no `ssl start_tls` line is
# shown in this listing, so the password sent in the bind would cross the
# network unencrypted. The other listings on this page use ldaps:// on port
# 636; confirm whether this file should match them.
uri ldap://100.0.0.1/
ldap_version 3
# crypt: the new password is hashed on the client with crypt(3) and written
# to the entry, instead of asking the server to perform the change.
# NOTE(review): the libnss-ldap.conf listing on this page sets
# `pam_password exop`; confirm which of the two is intended.
pam_password crypt


/etc/libnss-ldap.conf
# nss_ldap client settings: where to find the directory and how to map
# passwd/shadow/group lookups onto it.
base dc=dominio,dc=ejemplo,dc=cu
# LDAP over TLS: ldaps:// scheme, port 636 and `ssl on` (last line) agree.
# NOTE(review): no tls_checkpeer / tls_cacertfile line is shown here, so
# whether the server certificate is verified cannot be told from this
# listing - confirm.
uri ldaps://server1.dominio.ejemplo.cu/
port 636
ldap_version 3
# soft: give up at once when the server cannot be reached instead of
# retrying, so lookups fail fast rather than hang.
bind_policy soft
# Both limits are in seconds.
bind_timelimit 2
timelimit 2
scope sub
nss_reconnect_maxsleeptime 8
nss_reconnect_sleeptime 1
# Group lookups for root are not sent to LDAP, so root logins do not
# depend on the directory being reachable.
nss_initgroups_ignoreusers root
nss_srv_domain dominio.ejemplo.cu
# NOTE(review): the pam_* keys below are pam_ldap options; whether anything
# reads them from this file depends on the setup - confirm. The value here
# (exop = server-side password change) differs from `pam_password crypt` in
# the /etc/pam_ldap.conf listing on this page.
pam_password exop
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
# Search bases per NSS map; the suffix after `?` is the search scope
# (sub = whole subtree, one = direct children only).
nss_base_passwd ou=Usuarios,dc=dominio,dc=ejemplo,dc=cu?sub
nss_base_shadow ou=Usuarios,dc=dominio,dc=ejemplo,dc=cu?sub
nss_base_passwd ou=Equipos,dc=dominio,dc=ejemplo,dc=cu?one
nss_base_shadow ou=Equipos,dc=dominio,dc=ejemplo,dc=cu?one
nss_base_group  ou=Grupos,dc=dominio,dc=ejemplo,dc=cu?one
ssl on


/etc/ldap/ldap.conf
# OpenLDAP client library defaults: server, search base and TLS policy.
# NOTE(review): host/port are the older way to name the server; the uri
# line below already carries both.
host server1.dominio.ejemplo.cu
base dc=dominio,dc=ejemplo,dc=cu
uri ldaps://server1.dominio.ejemplo.cu/
port 636
# never: the client neither requests nor checks the server certificate.
# The ldaps:// session is still encrypted, but the server's identity is
# not verified, so a host on the network path can impersonate it and
# receive the bind credentials. To verify the server, point TLS_CACERT at
# the CA file (<path to CA certificate>) and use `TLS_REQCERT demand`.
TLS_REQCERT never

/etc/nsswitch.conf
# Name service switch: local files are consulted first, then LDAP, for
# users, shadow data and groups, so local accounts resolve without the
# directory. [notfound=continue] matches glibc's default action.
passwd:    files ldap [notfound=continue]
# NOTE(review): with ldap listed for shadow, shadow attributes are served
# through NSS; verify the directory ACLs do not let ordinary binds read
# password hashes.
shadow:    files ldap [notfound=continue]
group:     files ldap [notfound=continue]

# Host and network names are not looked up in LDAP.
hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

/etc/pam.d/common-auth
# Authentication stack: local password first, then Kerberos, then winbind;
# the first `sufficient` module that succeeds ends the stack, otherwise
# pam_deny rejects the login.
# NOTE(review): no pam_ldap.so line appears in this stack, so as shown the
# password is never checked by an LDAP bind and /etc/pam_ldap.conf is not
# used by it - confirm this matches the intent of the thread.
auth            required        pam_env.so
auth            required        pam_group.so use_first_pass
# nullok lets an account whose password field is empty authenticate with
# no password; drop it unless empty passwords are really wanted.
auth            sufficient      pam_unix.so likeauth nullok
# use_first_pass: reuse the password already typed, do not prompt again.
auth            sufficient      pam_krb5.so use_first_pass
auth            sufficient      pam_winbind.so use_first_pass
auth            required        pam_deny.so
 

/etc/pam.d/common-account
# Account (authorisation) stack.
# broken_shadow: pam_unix ignores errors when reading shadow information.
account         required        pam_unix.so broken_shadow
# Accounts with uid below 100 skip the remaining modules.
account         sufficient      pam_succeed_if.so uid < 100 quiet
# NOTE(review): the two bracketed rules below are each split across two
# lines, most likely by mail line-wrapping; in the real file each rule
# should be a single line (or be continued with a trailing backslash).
# In both rules an unknown user or unavailable backend is ignored, success
# is accepted, and any other result counts as a failure.
account         [default=bad user_unknown=ignore success=ok 
authinfo_unavail=ignore] pam_krb5.so
account         [default=bad user_unknown=ignore success=ok 
authinfo_unavail=ignore] pam_winbind.so
account         required        pam_permit.so


/etc/pam.d/common-password
# Password-change stack: strength check, then local change, then winbind;
# pam_deny fails the change if neither module succeeds.
# requisite: a password rejected by cracklib stops the stack immediately;
# retry=2 limits the number of prompts.
password        requisite       pam_cracklib.so retry=2
# use_authtok: take the password already vetted by pam_cracklib.
# NOTE(review): md5 stores local hashes as MD5-crypt, which is weak by
# current standards; prefer sha512 where the installed pam_unix supports it.
password        sufficient      pam_unix.so use_authtok md5 shadow
password        sufficient      pam_winbind.so use_authtok
password        required        pam_deny.so


/etc/pam.d/common-session
# Session stack: resource limits, local session bookkeeping, home directory
# creation, then the Kerberos and winbind session modules.
session         required        pam_limits.so
session         required        pam_unix.so
# umask=077 sets the mask used when the home directory is created, so new
# homes are accessible only to their owner.
# NOTE(review): skel=etc/skel/ has no leading slash; this looks like a typo
# for /etc/skel/ - confirm, since a relative path depends on the working
# directory of the calling process.
session         optional        pam_mkhomedir.so skel=etc/skel/ umask=077
# NOTE(review): both modules are `required`, so a failure in either one
# fails session setup; confirm local-only accounts still log in.
session         required        pam_krb5.so use_first_pass
session         required        pam_winbind.so use_first_pass


