ldap+pam+login
All
I am having trouble logging in to my workstation; it is
configured to work with LDAP and PAM.
So far I have done the following:
#
# SERVER
##########
$ aptitude install nfs-common nfs-user-server -y
$ vi /etc/ldap/ldap.conf
pam_filter objectclass=posixaccount
pam_login_attibute uid
pam_member_attribute gid
pam_password shadow
$ vi /etc/exports
/home *(rw,root_squash,sync)
$ mv /etc/pam.d/login /etc/pam.d/login.BACKUP
$ vi /etc/pam.d/login
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so shadow use_first_pass
auth required pam_deny.so
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
$ mv /etc/pam.d/passwd /etc/pam.d/passwd.BACKUP
$ vi /etc/pam.d/passwd
password sufficient pam_ldap.so
$ mv /etc/pam.d/ssh /etc/pam.d/ssh.BACKUP
$ vi /etc/pam.d/ssh
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
$ mv /etc/pam.d/su /etc/pam.d/su.BACKUP
$ vi /etc/pam.d/su
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
$ vi /etc/pam.d/gdm
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow nullok
auth required /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so use_first_pass
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_unix.so shadow nullok use_authtok
password required /lib/security/pam_ldap.so use_first_pass
session required /lib/security/pam_unix.so
session optional /lib/security/pam_console.so
$ mv /etc/pam_ldap.conf /etc/pam_ldap.conf.BACKUP
$ vi /etc/pam_ldap.conf
binddn cn=admin,dc=openware,dc=com,dc=br
bindpw SENHA_LDAP
rootbinddn cn=admin,dc=openware,dc=com,dc=br
pam_password SENHA_LDAP
$ vi /etc/security/access.conf
+:ALL:ALL
#
# CLIENT
##########
$ aptitude install slapd nfs-common nfs-user-server -y
$ aptitude install libnss-ldap libpam-ldap -y
# Loading the nfs and nfsd kernel modules
$ modprobe nfs
$ modprobe nfsd
$ vi /etc/ldap/ldap.conf
host 192.168.1.3
base dc=openware,dc=com,dc=br
binddn cn=admin,dc=openware,dc=com,dc=br
pam_filter objectclass=posixaccount
pam_login_attibute uid
pam_member_attribute gid
pam_password shadow
$ mv /etc/pam.d/login /etc/pam.d/login.BACKUP
$ vi /etc/pam.d/login
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so shadow use_first_pass
auth required pam_deny.so
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so
$ mv /etc/pam.d/passwd /etc/pam.d/passwd.BACKUP
$ vi /etc/pam.d/passwd
password sufficient pam_ldap.so
$ mv /etc/pam.d/ssh /etc/pam.d/ssh.BACKUP
$ vi /etc/pam.d/ssh
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
$ mv /etc/pam.d/su /etc/pam.d/su.BACKUP
$ vi /etc/pam.d/su
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
$ mv /etc/pam.d/gdm /etc/pam.d/gdm.BACKUP
$ vi /etc/pam.d/gdm
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow nullok
auth required /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so use_first_pass
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_unix.so shadow nullok use_authtok
password required /lib/security/pam_ldap.so use_first_pass
session required /lib/security/pam_unix.so
session optional /lib/security/pam_console.so
$ mv /etc/pam_ldap.conf /etc/pam_ldap.conf.BACKUP
$ vi /etc/pam_ldap.conf
binddn cn=admin,dc=openware,dc=com,dc=br
bindpw SENHA_LDAP
rootbinddn cn=admin,dc=openware,dc=com,dc=br
pam_password SENHA_LDAP
$ vi /etc/security/access.conf
+:ALL:ALL
$ vi /etc/fstab
192.168.1.3:/home /home nfs defaults,users 0 0
$ vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
There is something I am forgetting to do. The interesting thing is that on
the console I cannot log in as root, but through gdm I can.
Another thing I noticed is that I can log in as root via ssh.
Thank you in advance for your attention.
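
Added example, not part of the original post: a simplified model of how Linux-PAM evaluates the required/requisite/sufficient/optional control flags, run over the auth stacks posted above for /etc/pam.d/login and /etc/pam.d/gdm. The per-module outcomes (LOCAL_ROOT, LDAP_ONLY) are constructed inputs, and parse_stack and evaluate are hypothetical helper names; the model does not consult LDAP, /etc/shadow or any real PAM module.

```python
# Simplified model of Linux-PAM control flags (added illustration, not the poster's code).
LOGIN_AUTH = """\
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so shadow use_first_pass
auth required pam_deny.so
"""
GDM_AUTH = """\
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow nullok
auth required /lib/security/pam_ldap.so use_first_pass
"""

def parse_stack(text, mgmt):
    """Return [(control, module_name)] for one management group (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True/False; pam_deny.so always fails.
    Returns (granted, module): the sufficient module that short-circuited,
    the first required/requisite module that failed, or None."""
    failed, succeeded = None, False
    for control, module in stack:
        ok = False if module == "pam_deny.so" else outcomes.get(module, False)
        if control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                failed = failed or module      # remember the first failure
                if control == "requisite":
                    return False, failed       # requisite failure ends the stack
        elif control == "sufficient" and ok and failed is None:
            return True, module                # success ends the stack early
        # a failed "sufficient" is ignored; "optional" is ignored in this model
    return (failed is None and succeeded), failed

# Constructed outcomes: an account only in local files vs. one only in LDAP.
LOCAL_ROOT = {"pam_nologin.so": True, "pam_ldap.so": False, "pam_unix.so": True}
LDAP_ONLY = {"pam_nologin.so": True, "pam_ldap.so": True, "pam_unix.so": False}
```

In this model both posted auth stacks grant a local account whose pam_unix check succeeds, and they differ only in which module reports a failure when neither backend accepts the password.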