RE: ldap authentication howto?



With RH, run authconfig and choose LDAP authentication.

Then do 'getent passwd' to see if it works.
Tarjei

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Peter Peltonen
> Sent: 28. mai 2001 16:21
> To: openldap-software@openLDAP.org
> Subject: ldap authentication howto?
>
>
>
> There must be a FAQ or HOWTO about how to change my Linux box's authentication
> method to LDAP based?
>
> I've managed to scatter a few pieces of information from here and there. Maybe
> someone could put together the puzzle for me :)
>
> Here's what I've got installed on my RH7.1 box:
>
> --snip--
> openldap-2.0.7-14 (from RH7.1 CD)
> openldap-servers-2.0.7-14
> openldap-clients-2.0.7-14
> openldap-devel-2.0.7-14
> openldap12-1.2.11-4
>
> pam-0.74-22 (from RH7.1 CD)
> pam_krb5-1.31-1
> pam-devel-0.74-22
>
> pam_ldap-108-1 (from rpmfind.net)
> nss_ldap-126-1
> --snip--
>
> I have my LDAP server (dc=fivetec,dc=com) running and I can add and modify
> entries with LDAPExplorer fine (except 8bit support).
>
> I created a user named peter. I used padl.com's MigrationTool
> migrate_passwd.pl to convert my passwd db. I extracted the part regarding user
> peter to a separate ldif file:
>
> --snip--
> dn: uid=peter,ou=People,dc=fivetec,dc=com
> uid: peter
> cn: peter
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword: {crypt}$1$euuT5nGM$F4rDeC4yX3QQPNCGYvSdI1
> shadowLastChange: 11470
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 500
> gidNumber: 500
> homeDirectory: /home/peter
> --snip--
>
> Relying on the advice offered by LDAP-HOWTO I changed my /etc/pam.d/login to
> look like this:
>
> --snip--
>
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_nologin.so
> auth       sufficient   /lib/security/pam_ldap.so
> auth       required     /lib/security/pam_unix_auth.so try_first_pass
> account    sufficient   /lib/security/pam_ldap.so
> account    required     /lib/security/pam_unix_acct.so
> password   required     /lib/security/pam_cracklib.so
> password   required     /lib/security/pam_ldap.so
> password   required     /lib/security/pam_pwdb.so use_first_pass
> session    required     /lib/security/pam_unix_session.so
> --snip--
>
> and was it LDAP-Implementation-HOWTO that told me to change a part of my
> nsswitch.conf to look like this, I don't remember anymore:
>
> --snip--
> passwd:     files ldap nisplus
> shadow:     files ldap nisplus
> group:      files ldap isplus
> --snip--
>
> After that I used /usr/sbin/userdel to delete user peter from the passwd db.
>
> I tried logging in with ssh -- didn't work. Here's what my secure log says:
>
> --snip--
> May 28 17:15:09 jolo sshd[4104]: input_userauth_request: illegal user peter
> May 28 17:15:10 jolo sshd[4104]: Failed none for illegal user peter from 192.168.0.4 port 40450 ssh2
> May 28 17:15:12 jolo sshd[4104]: Failed password for illegal user peter from 192.168.0.4 port 40450 ssh2
> --snip--
>
> As I'm using clear text passwds I changed user peter's userPassword to a clear
> text one with LDAPExplorer but that did not change the situation.
>
> What am I missing?
>
> Do I have to edit some other files? Do I have to restart some services or
> reboot or something to get the system aware of the changes?
>
> A bit lost here,
>
> Peter
>
> PS. Some advice on how to get crypted passwords in use would be nice -- these
> things really should be in the FAQ!
>
>
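
A check on the name-service side of this setup, which is what `getent passwd` exercises. This is an added example, not part of either message: the function name `check_nsswitch` and the `KNOWN_SOURCES` list are assumptions, and the sample input is constructed from the three nsswitch.conf lines quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: lint the passwd/shadow/group lines of an
# nsswitch.conf-style file before testing lookups with `getent passwd`.
# Assumption: partial list of NSS source names; extend it for your system.
KNOWN_SOURCES="files ldap nis nisplus db compat dns hesiod"

# check_nsswitch FILE: print one finding per line; exit status 0 only if clean.
# The body runs in a subshell so `set -f` (no globbing) stays local.
check_nsswitch() (
    set -f
    findings=0
    for db in passwd shadow group; do
        # First entry for this database, minus the "db:" prefix and comments.
        line=$(sed -n "s/^[[:space:]]*$db:[[:space:]]*//p" "$1" | sed 's/#.*//' | head -n 1)
        if [ -z "$line" ]; then
            echo "$db: no sources listed"
            findings=$((findings + 1))
            continue
        fi
        has_ldap=no
        for src in $line; do
            case $src in
                *=*) continue ;;             # action item, e.g. [NOTFOUND=return]
                ldap) has_ldap=yes ;;
            esac
            case " $KNOWN_SOURCES " in
                *" $src "*) ;;
                *) echo "$db: unknown source '$src'"
                   findings=$((findings + 1)) ;;
            esac
        done
        if [ "$has_ldap" = no ]; then
            echo "$db: ldap not listed"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample reproducing the three lines quoted in the message.
sample=$(mktemp)
printf '%s\n' 'passwd:     files ldap nisplus' \
              'shadow:     files ldap nisplus' \
              'group:      files ldap isplus' > "$sample"
check_nsswitch "$sample" || echo "fix the lines above, then re-run: getent passwd"
rm -f "$sample"
```

On a live system, pass `/etc/nsswitch.conf` as the argument; a clean result only covers the source list, so `getent passwd` remains the end-to-end test.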