Re: LDAP authentication against Active Directory in Sarge

[Carlos Rodrigues <carlos.efr@mail.telepac.pt>]

Rene Tapia wrote:
> Besides ldap.conf, you also need to configure pam:

Actually pam isn't required just to get user information, which is what 
I'm trying to do.

But anyway, I found the problem. It was pretty supid actually... it 
should be "/etc/libnss-ldap.conf" and not "/etc/ldap.conf" (like in SUSE 
and Red Hat/CentOS).

But anyway, thanks for the info. I wasn't sure how to configure pam_ldap 
also (but haven't gotten there yet).

Carlos Rodrigues

> apt-get install libpam-ldap -y
> apt-get install libnss-ldap -y
> apt-get install libpam-cracklib -y
>
> Note: libpam-cracklib is not required for LDAP (it
> just enforces strong passwords)
>
> The following config files work, but you can change
> them to suit your needs:
>
> /etc/pam.d/common-auth:
> auth	sufficient	pam_ldap.so
> auth	required	pam_unix.so use_first_pass
>
> /etc/pam.d/common-account:
> account	sufficient	pam_ldap.so
> account	required	pam_unix.so
>
> /etc/pam.d/common-password:
> password   required   pam_cracklib.so retry=3 minlen=6
> difok=3
> password   sufficient pam_ldap.so use_authtok
> try_first_pass
> password   required   pam_unix.so use_authtok
> try_first_pass md5
>
> Also, if you intend to change user passwords with
> passwd via libpam-ldap, you will need to patch
> pam_ldap.so:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=284104
>
> Good luck!