LDAP Client Configuration problem
Gregory Staggel
gstag at gentoo.gr
Wed Apr 21 18:46:48 EEST 2004
Good evening,
Try adding the following lines to /etc/pam.d/system-auth
auth sufficient /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so use_authtok
session optional /lib/security/pam_ldap.so
Does syslog write a message when you try to log in?
On Wed, 2004-04-21 at 16:19, Ιωάννης Βαρθακούρης wrote:
> Can someone tell me what we are doing wrong?
> ---------------------------------------------
> ldap.conf :
> host 10.0.2.252
>
> # The distinguished name of the search base.
> base dc=solaris,dc=epp
> #scope one
> pam_check_host_attr yes
> pam_filter objectclass=posixAccount
>
> pam_login_attribute uid
> pam_member_attribute memberuid
> pam_template_login_attribute uid
> pam_crypt local
> ldap_version 3
> port 389
> #nss_base_passwd ou=People,dc=solaris,dc=epp?one
> #nss_base_shadow ou=People,dc=solaris,dc=epp?one
> #nss_base_group ou=Group,dc=solaris,dc=epp?one
> #nss_base_hosts ou=Hosts,dc=solaris,dc=epp?one
>
> nsswitch.conf:
> #ident $Id: nsswitch.ldap,v 2.4 2003/10/02 02:36:25 lukeh Exp $
> #
> # An example file that could be copied over to /etc/nsswitch.conf; it
> # uses LDAP conjunction with files.
> #
> # "hosts:" and "services:" in this file are used only if the
> # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
>
>
> passwd: files ldap
> group: files ldap
>
> # consult DNS first, we will need it to resolve the LDAP host. (If we
> # can't resolve it, we're in infinite recursion, because libldap calls
> # gethostbyname(). Careful!)
> hosts: dns ldap
>
> # LDAP is nominally authoritative for the following maps.
> services: ldap [NOTFOUND=return] files
> networks: ldap [NOTFOUND=return] files
> protocols: ldap [NOTFOUND=return] files
> rpc: ldap [NOTFOUND=return] files
> ethers: ldap [NOTFOUND=return] files
>
> # no support for netmasks, bootparams, publickey yet.
> netmasks: files
> bootparams: files
> publickey: files
> automount: files
>
> # I'm pretty sure nsswitch.conf is consulted directly by sendmail,
> # here, so we can't do much here. Instead, use bbense's LDAP
> # rules ofr sendmail.
> aliases: files
> sendmailvars: files
>
> # Note: there is no support for netgroups on Solaris (yet)
> netgroup: ldap [NOTFOUND=return] files
>
> pam.d files :
>
> cron file:
>
> account required pam_unix.so
> auth required pam_unix.so nullok
> auth required pam_env.so
> session required pam_unix.so
>
> ftp file:
>
> auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
> auth required pam_shells.so
> auth sufficient pam_ldap.so
> auth required pam_unix.so
> account sufficient pam_ldap.so
> account required pam_unix.so
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
>
>
> login file:
> auth sufficient pam_ldap.so
> auth sufficient pam_unix.so use_first_pass
> account sufficient pam_localuser.so
> account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
> password required pam_deny.so
>
>
> passwd file:
>
> password required pam_unix.so nullok obscure md5
>
> su file:
> auth sufficient pam_rootok.so
>
> #ldap auth
> auth sufficient pam_ldap.so
>
> # Local user auth
> auth required pam_unix.so try_first_pass
>
> account sufficient pam_ldap.so
> account required pam_unix.so
> session sufficient pam_ldap.so
> session required pam_unix.so
>
> ---------------------------------------------------------------------
> We have a Solaris server with Directory Services 5.2. With jxplorer, LDAP responds normally. Using the files above on a Mandrake 10 Linux client, it does not see the database at all and cannot log in either, neither locally nor remotely.
> There is no firewall in between ....
> Any suggestions ????????
--
Gregory
* Computers are like air-conditioners:
both stop working, if you open windows.
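
Added example (not part of the original messages and not Linux-PAM's own code): a simplified Python model of how the keyword control flags combine, run over the auth lines of the quoted login and su files. The per-module results are constructed inputs, and the model ignores module arguments and rejects the [value=action] control syntax.

```python
# Added example: simplified model of Linux-PAM keyword control flags.
# Only required/requisite/sufficient/optional are modelled; the
# [value=action] syntax (used on one account line in the post) is rejected.

# Auth lines copied from the "login" and "su" files quoted in the message.
LOGIN_AUTH = """\
auth sufficient pam_ldap.so
auth sufficient pam_unix.so use_first_pass
"""
SU_AUTH = """\
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass
"""

KEYWORDS = {"required", "requisite", "sufficient", "optional"}


def parse_stack(text, mgmt_type="auth"):
    """Return [(control, module)] for one management type, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != mgmt_type:
            continue
        if fields[1] not in KEYWORDS:
            raise ValueError("unsupported control: " + fields[1])
        stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack


def evaluate(stack, results):
    """results maps module name -> True (success) or False (failure)."""
    failed = succeeded = False
    for control, module in stack:
        if results[module]:
            succeeded = True
            if control == "sufficient" and not failed:
                return True          # stack stops here with success
        elif control == "requisite":
            return False             # stack stops here with failure
        elif control == "required":
            failed = True            # keep going, but the result is failure
        # a failed sufficient or optional module is ignored
    return succeeded and not failed  # nothing succeeded -> denied


if __name__ == "__main__":
    # Constructed results: LDAP fails, the local password check succeeds.
    r = {"pam_rootok.so": False, "pam_ldap.so": False, "pam_unix.so": True}
    print("login:", evaluate(parse_stack(LOGIN_AUTH), r))
    print("su:   ", evaluate(parse_stack(SU_AUTH), r))
```

Under this model both auth stacks still accept a correct local password when pam_ldap.so fails, and a stack made only of sufficient lines denies access when no module succeeds.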