[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: libpam libnss + ldap Authentication problem !

Hi Nate,

   Id like to store every new create user account inside ldap. I've tried a lot of test for authentication against my woody.......... sometimes it work, but after user login, look like the bash shell cannot lookup the user name from ldap........ 

  Also, Can u kindly email me 1 set of your woody configuration for ldap configurations which included pam_ldap.conf, libnss-ldap.conf , /etc/pam.d/login , su, passwd, ssh ....etc, so that I can test it on my box ?
Dino Ming

----- Original Message ----- 
From: "nate" <ldap@aphroland.org>
To: <openldap-software@OpenLDAP.org>
Sent: Tuesday, July 16, 2002 12:08 PM
Subject: Re: libpam libnss + ldap Authentication problem !

> <quote who="Dino Ming">
> > Dear All,
> >
> >   I'm confusing with these 2 packages (libpam and libnss). Is it
> >   necessary to install both of them in order to perform ldap
> >   Authentication under Debian Woody ? or just install any one of them is
> >   enough ?
> >
> >  Could someone share his/her successful experience with me on this topic
> >  ?
> ive setup ldap auth on several woody and some potato machines ..
> the answer to your question is yes and no.  you can store the
> password information only in ldap, and store the rest(home directory,
> uid/gid etc) in another source such as /etc/passwd /etc/group or
> mysql or whatever.
> if you want FULL ldap authentication where everything is in ldap you'll
> need both nss and pam ldap modules installed and configured, i reccomend
> nscd as well.  if you can 'finger' the account and have stuff come back
> then the nss portion should be working ..
> don't forget to change nsswitch.conf, debian's nss_ldap doesn't do
> this automatically last i checked.
> nate