List: suse-slox-e
Subject: [suse-slox-e] Problem with pam/nsswitch auth to SLOX LDAP
From: Daniel Bertolo <Daniel.Bertolo () kinderheim-buehl ! ch>
Date: 2004-05-27 11:54:56
Message-ID: 4521590.1085658896275.SLOX.WebMail.wwwrun () slox ! mybuehl ! ch
Hi together

I do have a problem setting up LDAP authentication on my Linux clients. In our productive environment, we use SuSE Linux 9.0 with LDAP auth to the SLOX server which actually works perfectly.

Now, I set up one client with Gentoo Linux. And I encountered some problems configuring PAM and nsswitch:

- Login works perfectly
- User names cannot be looked up. When I log into a console, the prompt looks like this:

I have no name!@a-108-01 dbertolo $

I guess that PAM works, but nsswitch is not able to look up my username on the LDAP. Here are my config files:

### /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_ldap.so
account sufficient /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
### EOF
All other PAM modules refer to system-auth. For example login:
### /etc/pam.d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
### EOF
### /etc/nsswitch.conf
#ident $Id: nsswitch.ldap,v 2.4 2003/10/02 02:36:25 lukeh Exp $
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: ldap compat
group: ldap compat
shadow: ldap compat
# consult DNS first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts: dns ldap
# LDAP is nominally authoritative for the following maps.
services: ldap [NOTFOUND=return] files
networks: ldap [NOTFOUND=return] files
protocols: ldap [NOTFOUND=return] files
rpc: ldap [NOTFOUND=return] files
ethers: ldap [NOTFOUND=return] files
# no support for netmasks, bootparams, publickey yet.
netmasks: files
bootparams: files
publickey: files
automount: files
# I'm pretty sure nsswitch.conf is consulted directly by sendmail,
# here, so we can't do much here. Instead, use bbense's LDAP
# rules for sendmail.
aliases: files
sendmailvars: files
# Note: there is no support for netgroups on Solaris (yet)
netgroup: ldap [NOTFOUND=return] files
### EOF
### /etc/ldap.conf
host 10.0.0.10
base dc=mybuehl,dc=ch
uri ldap://slox.mybuehl.ch/
ldap_version 3
nss_base_passwd dc=mybuehl,dc=ch
nss_base_group dc=mybuehl,dc=ch
### EOF
Can anyone tell me what's wrong? Would be very happy if this works.
Thanks,
Daniel
--
Linux is user friendly, it's just very picky about who its friends are
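
The symptom in the message separates two subsystems: PAM accepts the password, while the NSS lookup that maps a UID to a name fails, which is when bash prints "I have no name!". The following is an added diagnostic sketch, not part of the original message: it parses nsswitch.conf lines into their lookup order, shows which sources a `[NOTFOUND=return]` action leaves reachable, and performs the same UID lookup the prompt depends on. The function names and the `SAMPLE` excerpt are constructed here for illustration.

```python
import pwd
import re

# Constructed sample: a few lines copied from the nsswitch.conf quoted above.
SAMPLE = """\
passwd: ldap compat
group: ldap compat
hosts: dns ldap
services: ldap [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                # An action list binds to the source immediately before it.
                # (Negated statuses such as !UNAVAIL are not interpreted here.)
                if entries:
                    for item in tok[1:-1].split():
                        status, _, action = item.partition("=")
                        entries[-1][1][status.upper()] = action.lower()
            else:
                entries.append((tok, {}))
        table[db.strip()] = entries
    return table

def reachable_sources(entries):
    """Sources still consulted when every earlier source answers NOTFOUND."""
    out = []
    for source, actions in entries:
        out.append(source)
        if actions.get("NOTFOUND") == "return":
            break                              # lookup stops; later sources unused
    return out

def uid_resolves(uid):
    """True if NSS maps uid to a passwd entry (the lookup the prompt relies on)."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False
```

On the affected client, `uid_resolves(os.getuid())` returning False for an LDAP user while login succeeds confirms that the failure is on the NSS side rather than in the PAM stack.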