garfield59 n00b
Joined: 16 Jan 2015 Posts: 6
Posted: Mon May 23, 2016 1:34 am Post subject: pam ldap woes
Hi all,
I am trying to set up authorisation using openldap and pam_ldap/nss_ldap.
As of now I do this as a "research project".
I.e. I'm fiddling with my laptop's configuration and everything is local.
After following the procedure in:
https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP#Getting_Started_with_OpenLDAP
(which did unfortunately _not_ work completely as is) I arrived at being able to change passwords as root
but cannot log in.
I've got the ldap server up and running fine so I assume it is a pam or nss problem.
This is /etc/pam.d/system-auth:
Quote:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_ldap.so use_first_pass sha512 shadow
auth required pam_unix.so try_first_pass likeauth nullok sha512 shadow
auth optional pam_permit.so
account sufficient pam_ldap.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_ldap.so use_first_pass use_authtok nullok sha512 shadow
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session optional pam_ldap.so
session required pam_unix.so
session optional pam_permit.so
I'm completely out of ideas how to proceed.
Any pointers anyone?
Cheers,
Uwe
garfield59 n00b
Joined: 16 Jan 2015 Posts: 6
Posted: Mon May 23, 2016 1:45 am Post subject: Re: pam ldap woes
Hi,
here is some more information.
getent shadow yields (among others):
Quote:
uwekloss:xxxxxxxxxxxxxxxxxxxx:16936:0:99999:7:::
ldaptest2:*:16944:0:::::0
where uwekloss is in /etc/passwd and /etc/shadow (xxxxxx is _not_ the real password entry)
and ldaptest2 is only in the ldap directory.
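An added example, not part of the thread and not code from the Gentoo wiki: a small check for an auth stack like the one in the /etc/pam.d/system-auth quoted in the first post. It reports any module that carries use_first_pass (reuse an earlier password, never prompt) when no earlier auth module in the stack would have prompted for one. The PROMPTING set and the function names are assumptions of this example.

```python
import re

# Assumption: modules that prompt for a password unless told to reuse one.
# Extend this set for the modules actually installed on the system.
PROMPTING = {"pam_unix.so", "pam_ldap.so", "pam_sss.so", "pam_krb5.so"}

# Constructed sample: the auth lines of the system-auth file quoted above.
SAMPLE = """\
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_ldap.so use_first_pass sha512 shadow
auth required pam_unix.so try_first_pass likeauth nullok sha512 shadow
auth optional pam_permit.so
"""

# facility, control (plain word or [bracketed list]), module, options
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse(text, facility="auth"):
    """Yield (line_no, control, module, options) for one facility."""
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if not m or m.group(1) != facility:
            continue
        if m.group(2) in ("include", "substack"):  # other files, not modules
            continue
        module = m.group(3).rsplit("/", 1)[-1]  # tolerate absolute paths
        yield no, m.group(2), module, m.group(4).split()


def lint_auth(text):
    """Return (line_no, module, message) for each suspicious auth line."""
    findings, have_token = [], False
    for no, _control, module, opts in parse(text):
        if "use_first_pass" in opts and not have_token:
            findings.append((no, module,
                             "use_first_pass set, but no earlier auth "
                             "module prompts for a password"))
        elif module in PROMPTING:
            have_token = True  # this module prompts or reuses a stored token
    return findings


if __name__ == "__main__":
    for no, module, msg in lint_auth(SAMPLE):
        print(f"line {no}: {module}: {msg}")
```
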