Re: Autentificación LDAP con PAM (sin NSS)
mira, esta es la configuración que tengo y funciona bien
uso debian lenny
/etc/pam_ldap.conf
# /etc/pam_ldap.conf — read by pam_ldap.so (the PAM side); libnss-ldap has its own file below.
base dc=dominio,dc=ejemplo,dc=cu
# NOTE(review): plain ldap:// and no `ssl` line in this file, so the simple bind that
# verifies a user's password crosses the network unencrypted. The NSS file below already
# reaches the same directory over ldaps:// on 636; use `uri ldaps://...` (or `ssl start_tls`)
# here as well so the PAM side gets the same protection.
uri ldap://100.0.0.1/
ldap_version 3
# crypt: the client hashes the new password and writes userPassword itself.
# This differs from `pam_password exop` in /etc/libnss-ldap.conf below; on Debian pam_ldap
# reads this file, so this is presumably the value that applies — keep a single one.
pam_password crypt
/etc/libnss-ldap.conf
# /etc/libnss-ldap.conf — read by the NSS module (getpwnam/getgrnam/...), not by pam_ldap.
base dc=dominio,dc=ejemplo,dc=cu
# LDAP over TLS on 636; whether the server certificate is actually checked is decided by
# the TLS_* settings in /etc/ldap/ldap.conf below.
uri ldaps://server1.dominio.ejemplo.cu/
port 636
ldap_version 3
# soft: a lookup fails at once when the server is unreachable instead of retrying, so local
# logins are not held up while the directory is down; the short limits serve the same goal.
bind_policy soft
bind_timelimit 2
timelimit 2
scope sub
nss_reconnect_maxsleeptime 8
nss_reconnect_sleeptime 1
# root's supplementary groups are never looked up in LDAP (keeps root usable offline).
nss_initgroups_ignoreusers root
nss_srv_domain dominio.ejemplo.cu
# NOTE(review): these pam_* keys only take effect if pam_ldap reads this file; the separate
# /etc/pam_ldap.conf above says `pam_password crypt`, which contradicts `exop` here.
pam_password exop
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
# libnss-ldap accepts several nss_base_* lines per map and presumably tries them in order:
# user accounts (whole subtree) first, then machine accounts one level under ou=Equipos.
# No binddn/bindpw is given anywhere in this file, so all lookups bind anonymously.
nss_base_passwd ou=Usuarios,dc=dominio,dc=ejemplo,dc=cu?sub
nss_base_shadow ou=Usuarios,dc=dominio,dc=ejemplo,dc=cu?sub
nss_base_passwd ou=Equipos,dc=dominio,dc=ejemplo,dc=cu?one
nss_base_shadow ou=Equipos,dc=dominio,dc=ejemplo,dc=cu?one
nss_base_group ou=Grupos,dc=dominio,dc=ejemplo,dc=cu?one
ssl on
/etc/ldap/ldap.conf
# /etc/ldap/ldap.conf — OpenLDAP client defaults; libnss-ldap and pam_ldap pick up the TLS_* keys.
host server1.dominio.ejemplo.cu
base dc=dominio,dc=ejemplo,dc=cu
uri ldaps://server1.dominio.ejemplo.cu/
port 636
# NOTE(review): `never` turns off verification of the server certificate, so the ldaps://
# connections above are encrypted but the server is not authenticated: whatever answers on
# 636 for server1 is accepted and receives the bind credentials. Install the issuing CA and
# switch to checking, e.g.
#   TLS_CACERT /path/to/<ca-certificate>.pem   (placeholder: the real CA file on this host)
#   TLS_REQCERT demand
TLS_REQCERT never
/etc/nsswitch.conf
# /etc/nsswitch.conf — source order for each database: local files first, then the directory.
# `[notfound=continue]` after the last listed source has nothing left to continue to; it is
# harmless here but can be dropped.
passwd: files ldap [notfound=continue]
# NOTE(review): serving shadow from LDAP needs read access to the password/shadow attributes;
# /etc/libnss-ldap.conf above shows no binddn, so this presumably only works if the server
# allows anonymous reads of them — confirm with `getent shadow <some-ldap-user>`.
shadow: files ldap [notfound=continue]
group: files ldap [notfound=continue]
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
# netgroup is sent to NIS although nothing on this page configures a NIS domain; such
# lookups will simply fail (no security effect, but the line can be removed).
netgroup: nis
/etc/pam.d/common-auth
# /etc/pam.d/common-auth — password verification, modules tried top to bottom.
auth required pam_env.so
# NOTE(review): pam_group.so takes no module options; `use_first_pass` here is presumably
# ignored (look for an "unknown option" message in the auth log).
auth required pam_group.so use_first_pass
# nullok lets an account whose local password is empty log in with no password at all —
# drop it unless that is intended. Local passwd/shadow is consulted before any network source.
auth sufficient pam_unix.so likeauth nullok
# Network authentication: Kerberos, then winbind, each reusing the password already typed.
# NOTE(review): despite the subject line, pam_ldap.so is not in this stack, so a directory
# user is authenticated only if Kerberos or winbind knows them; no LDAP bind is ever tried.
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
# Nothing above succeeded: fail closed.
auth required pam_deny.so
/etc/pam.d/common-account
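# /etc/pam.d/common-account — account-validity checks, run after authentication.
# Local passwd entries first; broken_shadow ignores an unreadable shadow record instead of
# failing the account (users whose shadow data lives only in the directory still pass).
account required pam_unix.so broken_shadow
# System accounts (uid < 100) stop here and skip the Kerberos/winbind checks below.
account sufficient pam_succeed_if.so uid < 100 quiet
# Each of the next two rules must be one physical line (or end the first with `\`): the
# line break that appeared inside the [...] control field in the post is not a continuation
# and the split rule would not parse. user_unknown=ignore lets local-only users fall through,
# authinfo_unavail=ignore keeps logins working while the KDC / domain controller is down.
account [default=bad user_unknown=ignore success=ok authinfo_unavail=ignore] pam_krb5.so
account [default=bad user_unknown=ignore success=ok authinfo_unavail=ignore] pam_winbind.so
# NOTE(review): no pam_ldap.so here either, so account restrictions kept in LDAP (expiry,
# host access) are never consulted; if pam_ldap is meant to authenticate, add its account rule.
account required pam_permit.so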
/etc/pam.d/common-password
# /etc/pam.d/common-password — password changes.
# Quality check first; the user gets two attempts at a password that satisfies cracklib.
password requisite pam_cracklib.so retry=2
# NOTE(review): md5 is a weak hash for /etc/shadow; if the pam_unix on this host supports it
# (see `man pam_unix`), prefer `sha512`. use_authtok reuses the password cracklib just checked.
password sufficient pam_unix.so use_authtok md5 shadow
# NOTE(review): pam_ldap.so is absent from this stack too, so a directory user's password can
# only be changed through winbind; the pam_password settings in the LDAP files are never used.
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
/etc/pam.d/common-session
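# /etc/pam.d/common-session — set up on login: resource limits, unix session, home directory.
session required pam_limits.so
session required pam_unix.so
# skel must be an absolute path: `skel=etc/skel/` is a relative path that is not found, so
# new home directories were created without the skeleton files. umask=077 keeps each new
# home directory readable by its owner only.
session optional pam_mkhomedir.so skel=/etc/skel/ umask=077
# NOTE(review): `required` means a session failure from either module below blocks login for
# every user, local ones included; `optional` is the usual choice for these — verify on this
# host. use_first_pass is an auth-stage option and is presumably ignored in a session rule.
session required pam_krb5.so use_first_pass
session required pam_winbind.so use_first_pass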