| View previous topic :: View next topic |
| Author |
Message |
garfield59
n00b
Joined: 16 Jan 2015
Posts: 6
|
 Posted: Mon May 23, 2016 1:34 am Post subject: pam ldap woes |
 |
|
Hi all,
I am trying to set up authorisation using openldap and pam_ldap/nss_ldap.
As of now I do this as an "research project".
I.e. I'm fiddling with my laptops configuration and everything is local.
After following the procedure in:
https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP#Getting_Started_with_OpenLDAP
(which did unfortunately _not_ work completely as is) I arrived at being able to change passwords as root
but cannot login.
I've got the ldap server up and running fine so I assume it is a pam or nss problem.
This is /etc/pam.d/system-auth:
| Quote: |
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_ldap.so use_first_pass sha512 shadow
auth required pam_unix.so try_first_pass likeauth nullok sha512 shadow
auth optional pam_permit.so
account sufficient pam_ldap.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_ldap.so use_first_pass use_authtok nullok sha512 shadow
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session optional pam_ldap.so
session required pam_unix.so
session optional pam_permit.so
|
I'm completely out of ideas how to proceed.
Any pointers anyone?
Cheers,
Uwe |
|
| Back to top |
|
 |
garfield59
n00b
Joined: 16 Jan 2015
Posts: 6
|
| Posted: Mon May 23, 2016 1:45 am Post subject: Re: pam ldap woes |
|
|
Hi,
here is some more information.
getent shadow yields (among others):
| Quote: |
uwekloss:xxxxxxxxxxxxxxxxxxxx:16936:0:99999:7:::
ldaptest2:*:16944:0:::::0
|
where uwekloss is in /etc/passwd and /etc/shadow (xxxxxx is _not_ the real password entry  )
and ldaptest2 is only in the ldap directory. |
|
| Back to top |
|
|
|
Other Things Gentoo
