Re: Has no one gotten LDAP authentication working?
* Mullins, Ron <rmullins@DigiTerra.com> [010405 17:09]:
> Seriously, has no one setup the libpam-ldap in Debian?
>
> Just some working config files to enlighten me as to the little thing I
> haven't gotten right would be splendid. You don't have to talk to me, you
> don't have to be my friend...I won't come to your house and drink your beer
> if you respond. Promise.
> dd
Required packages:
openldap
libpam-ldap
libnss-ldap
libpam-cracklib
nscd
/etc/libnss-ldap.conf:
===================================================
host funguz
base o=Something, c=NL
===================================================
/etc/pam_ldap.conf:
===================================================
host funguz
base o=Something, c=NL
# Use the V3 protocol to optimize searches
ldap_version 2
# Filter to AND with uid=%s
pam_filter objectclass=account
# The user ID attribute (defaults to uid)
pam_login_attribute uid
#Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=net
# Group member attribute
#pam_member_attribute uniquemember
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_crypt local
===================================================
/etc/pam.d/other:
===================================================
auth sufficient pam_unix.so
auth required pam_ldap.so use_first_pass
account sufficient pam_unix.so
account required pam_ldap.so
password sufficient pam_unix.so
password required pam_ldap.so try_first_pass
session required pam_unix.so
===================================================
You should modify all the files in /etc/pam.d/ like my
/etc/pam.d/other.
Other example:
/etc/pam.d/login:
===================================================
auth requisite pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_unix.so nullok
auth required pam_ldap.so use_first_pass
account sufficient pam_unix.so
account required pam_ldap.so
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_cracklib.so retry=3 minlen=6 difok=3
password sufficient pam_unix.so use_authtok nullok md5 shadow
password required pam_ldap.so try_first_pass
===================================================
Well, one other word to say: improvise!
Good luck!
CBL.
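The control flags in the /etc/pam.d/login auth stack quoted above decide whether pam_ldap.so is consulted at all. The Python sketch below is an added example, not part of the original message and not PAM's own code: it models the requisite/required/sufficient rules in simplified form (optional modules are ignored), and the per-module outcomes in SCENARIOS are constructed.

```python
# Added example: simplified model of Linux-PAM control flags, not PAM itself.
LOGIN_AUTH = """\
auth requisite pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_unix.so nullok
auth required pam_ldap.so use_first_pass
"""

def parse_stack(text, facility):
    """Return [(control, module, args)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (success) or False (error).
    Returns (granted, modules_called)."""
    called, required_failed, any_success = [], False, False
    for control, module, _args in stack:
        ok = results[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called          # fail at once, nothing else runs
        if control == "required" and not ok:
            required_failed = True        # remembered, but the stack keeps running
        if control == "sufficient" and ok and not required_failed:
            return True, called           # success at once, later modules skipped
        if ok and control != "optional":
            any_success = True
    return (any_success and not required_failed), called

OK = {"pam_securetty.so": True, "pam_nologin.so": True, "pam_env.so": True}
SCENARIOS = {  # constructed module outcomes, one per login situation
    "local account": {**OK, "pam_unix.so": True, "pam_ldap.so": False},
    "LDAP-only account": {**OK, "pam_unix.so": False, "pam_ldap.so": True},
    "wrong password": {**OK, "pam_unix.so": False, "pam_ldap.so": False},
    "local account, nologin set": {**OK, "pam_nologin.so": False, "pam_unix.so": True, "pam_ldap.so": False},
}

if __name__ == "__main__":
    stack = parse_stack(LOGIN_AUTH, "auth")
    for name, results in SCENARIOS.items():
        granted, called = evaluate(stack, results)
        print(f"{name}: {'granted' if granted else 'denied'}, last module run: {called[-1]}")
```

In the last scenario the earlier required failure from pam_nologin.so stops the sufficient pam_unix.so success from ending the stack, so the login is denied even though the local password was correct.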