[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP authentication against Active Directory in Sarge

Rene Tapia wrote:
Besides ldap.conf, you also need to configure pam:

I haven't got to configuring pam yet, but just ldap.conf+nsswitch.conf should work just to get uset information, either using something like "finger user" or "getent passwd".

LDAP user information without pam_ldap is useful, for instance, if I'm going to do authentication through Kerberos or just need the user information to be able to use Samba in an Active Directory domain without using winbind (to maintain uid/gid consistency through Samba and NFS).

But thanks anyway, I also wasn't sure how to configure pam_ldap, although I'm not there yet.

Carlos Rodrigues

apt-get install libpam-ldap -y
apt-get install libnss-ldap -y
apt-get install libpam-cracklib -y

Note: libpam-cracklib is not required for LDAP (it
just enforces strong passwords)

The following config files work, but you can change
them to suit your needs:

auth	sufficient	pam_ldap.so
auth	required	pam_unix.so use_first_pass

account	sufficient	pam_ldap.so
account	required	pam_unix.so

password   required   pam_cracklib.so retry=3 minlen=6
password   sufficient pam_ldap.so use_authtok
password   required   pam_unix.so use_authtok
try_first_pass md5

Also, if you intend to change user passwords with
passwd via libpam-ldap, you will need to patch

Good luck!

Reply to: