
Re: samba/ldap/nss



Jamie Thompson wrote:

> Have you tested that the authentication for PAM is working correctly?
> Try logging in using whatever auth you are using for it and check it can
> read the entries it needs. libnss-ldap and pam_ldap have different

Did this. ldapsearch with a bind of
uid=chris,ou=people,dc=longship,dc=org searching ou=people for uid=chris
shows me (including userPassword - which is configured in slapd only
viewable for owner and admin).

> My files are:
> 
> common-password:
> password	sufficient	pam_ldap.so	ignore_unknown_user
> password	required	pam_unix.so	try_first_pass nullok obscure min=4 max=8 md5
> 
> common-auth:
> auth	sufficient	pam_ldap.so
> auth	required	pam_unix.so	use_first_pass nullok_secure
> 
> common-account:
> account	sufficient	pam_ldap.so
> account	required	pam_unix.so	use_first_pass
> 
> common-session:
> session	required	pam_unix.so

Copied this lot. Did a dpkg-reconfigure of libpam-ldap (keeping any
config - no changes) and now login works :) Getting closer :) Seems to
have solved the requirement on double password prompts too - that
use_first_pass is a useful one.

But - sudo complains

sudo: uid 1000 does not exist in the passwd file!

/etc/pam.d/sudo shows

@include common-auth
@include common-account

so that should be able to go via ldap - since it goes via the common files?

user chris is in the sudoers file with NOPASSWD access for shutdown and
reboot commands.

So - how to get sudo to play fair?

Am still trying to decide what should go in ldap (in terms of system
users and any groups) - but at least login is working :)

Until I've got login etc working just fine I'm going to wait with samba
config - one issue at a time methinks :)

-- 
Chris
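The sudo error quoted in this message ("uid 1000 does not exist in the passwd file!") is the result of a uid lookup, which goes through NSS (libnss-ldap and the passwd line of /etc/nsswitch.conf), not through the PAM stack in /etc/pam.d. The PAM files quoted above only decide whether a password is accepted; they cannot make a uid resolvable. The following script is an added example, not code from the thread, that separates the two questions so the failing layer can be identified. The user name chris, the uid 1000 and the sample nsswitch.conf contents are taken or constructed from the thread for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tell an NSS lookup problem
# apart from a PAM authentication problem when an LDAP login works but
# sudo reports that the uid does not exist.

# sudo calls getpwuid() on the real uid of the caller; getent runs the
# same NSS lookup, so an empty result here reproduces sudo's complaint.
nss_uid_exists() {
    getent passwd "$1" >/dev/null 2>&1
}

# The matching lookup by name (what login and PAM account checks use).
nss_name_exists() {
    getent passwd "$1" >/dev/null 2>&1
}

# Check whether a source (e.g. "ldap") is listed on the passwd: line of an
# nsswitch.conf. The file content is read from stdin so the function can be
# exercised on constructed input as well as on /etc/nsswitch.conf.
nsswitch_passwd_has() {
    awk -v src="$1" '
        /^[[:space:]]*passwd:/ {
            for (i = 2; i <= NF; i++) if ($i == src) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Report one lookup without aborting the script on a miss.
report() {
    if "$1" "$2"; then
        echo "$3 $2: found via NSS"
    else
        echo "$3 $2: NOT found via NSS (this is what sudo trips over)"
    fi
}

# Values from the thread: user chris, uid 1000 (constructed demo input).
report nss_name_exists chris "user"
report nss_uid_exists 1000 "uid"

if [ -r /etc/nsswitch.conf ]; then
    if nsswitch_passwd_has ldap </etc/nsswitch.conf; then
        echo "nsswitch.conf: passwd line includes ldap"
    else
        echo "nsswitch.conf: passwd line does not include ldap; libnss-ldap is not consulted"
    fi
fi
```

If the name resolves but the uid does not, the account entry is reachable but the numeric lookup is failing (for example because libnss-ldap cannot bind with the credentials it has, or the uidNumber attribute is not readable by that bind), which is a libnss-ldap configuration question rather than a pam_ldap one. If neither resolves, check the passwd line of /etc/nsswitch.conf first.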


