ldap authentication howto?

There must be a FAQ or HOWTO about how to change my Linux box's authentication
method to an LDAP-based one?

I've managed to scatter a few pieces of information from here and there. Maybe
someone could put together the puzzle for me :)

Here's what I've got installed on my RH7.1 box:

openldap-2.0.7-14 (from RH7.1 CD)

pam-0.74-22 (from RH7.1 CD)

pam_ldap-108-1 (from rpmfind.net)

I have my LDAP server (dc=fivetec,dc=com) running and I can add and modify
entries with LDAPExplorer fine (except 8bit support).

I created a user named peter. I used padl.com's MigrationTool
migrate_passwd.pl to convert my passwd db. I extracted the part regarding user
peter to a separate ldif file:

dn: uid=peter,ou=People,dc=fivetec,dc=com
uid: peter
cn: peter
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$euuT5nGM$F4rDeC4yX3QQPNCGYvSdI1
shadowLastChange: 11470
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/peter

Relying on the advice offered by LDAP-HOWTO I changed my /etc/pam.d/login to
look like this:
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so use_first_pass
session    required     /lib/security/pam_unix_session.so

and I don't remember anymore whether it was LDAP-Implementation-HOWTO that told
me to change a part of my nsswitch.conf to look like this:

passwd:     files ldap nisplus
shadow:     files ldap nisplus
group:      files ldap nisplus

After that I used /usr/sbin/userdel to delete user peter from the passwd db.

I tried logging in with ssh -- didn't work. Here's what my secure log says:

May 28 17:15:09 jolo sshd[4104]: input_userauth_request: illegal user peter
May 28 17:15:10 jolo sshd[4104]: Failed none for illegal user peter from port 40450 ssh2
May 28 17:15:12 jolo sshd[4104]: Failed password for illegal user peter from port 40450 ssh2

As I'm using clear-text passwords I changed user peter's userPassword to a clear-
text one with LDAPExplorer, but that did not change the situation.

What am I missing?

Do I have to edit some other files? Do I have to restart some services or
reboot or something to get the system aware of the changes?

A bit lost here,


PS. Some advice on how to get crypted passwords in use would be nice -- these
things really should be in the FAQ!
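Two things the post touches on can be checked without a running directory: whether the LDIF entry carries every attribute nss_ldap needs to answer getpwnam() (an entry that fails here is exactly what produces "illegal user" in sshd), and whether userPassword holds a hashed value rather than clear text. The script below is an added example, not part of the original post or of pam_ldap/nss_ldap; it parses the poster's entry (with a constructed clear-text password so the lint has something to flag), and builds and verifies OpenLDAP-style {SSHA} values, the salted scheme commonly used in place of clear text.

```python
"""Lint a posixAccount LDIF entry and build/verify {SSHA} userPassword values.
Added example; SAMPLE is the poster's entry with a constructed clear-text password."""
import base64
import hashlib
import hmac
import os

# Attributes RFC 2307 makes mandatory for posixAccount; nss_ldap needs them
# to synthesise a passwd(5) line, otherwise getpwnam() fails and sshd says "illegal user".
REQUIRED = ("uid", "cn", "uidNumber", "gidNumber", "homeDirectory")
# userPassword prefixes that mean the stored value is hashed, not clear text.
HASHED_SCHEMES = ("{crypt}", "{ssha}", "{sha}", "{smd5}", "{md5}")

def parse_ldif(text):
    """Parse a single LDIF entry into {attribute: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        if line and not line.startswith("#"):
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
    return entry

def ssha_hash(password, salt=None):
    """OpenLDAP {SSHA}: base64(sha1(password + salt) + salt) with a 4-byte salt."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def lint_entry(entry):
    """Report missing mandatory attributes, a missing posixAccount class and clear-text passwords."""
    problems = ["missing " + a for a in REQUIRED if a not in entry]
    if "posixAccount" not in entry.get("objectClass", []):
        problems.append("objectClass posixAccount absent")
    for pw in entry.get("userPassword", []):
        if not pw.lower().startswith(HASHED_SCHEMES):
            problems.append("userPassword stored in clear text")
    return problems

SAMPLE = """dn: uid=peter,ou=People,dc=fivetec,dc=com
uid: peter
cn: peter
objectClass: account
objectClass: posixAccount
userPassword: secret
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/peter"""
```

Replacing the clear-text value with `ssha_hash("secret")` makes `lint_entry` return an empty list, and the same value can be fed to slapd's userPassword as-is.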