Re: pam_ldap not working right
Looking over your files, I see quite a few problems:
1) You need to configure nss_ldap.conf as well as pam_ldap.conf.
2) The lines in nsswitch.conf should really be "files ldap" not "ldap
files", i.e. local data takes precedence.
3) You need to tell pam.d/login to use the same password for pam_unix that
it tried to use for pam_ldap:
auth sufficient pam_ldap.so
auth required pam_unix.so nullok try_first_pass
4) In pam_ldap.conf, it's best not to bind as anyone. pam_ldap will
attempt to bind with the given password and that will be the test. You'll
need to use
pam_password exop
if you still want to change user passwords with this setup.
If you are still having problems, watch what happens with a packet
sniffer.
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: