
Re: Re: OpenLDAP and SSH authentication



Thanks to all .........

I added the following to /etc/libnss-ldap.conf on the server side:
rootbinddn cn=proxyuser,dc=exemple,dc=org
bindpw proxy
pam_password MD5
nss_base_passwd ou=people,dc=exemple,dc=org?one
nss_base_shadow ou=people,dc=exemple,dc=org?one
nss_base_group ou=groups,dc=exemple,dc=org?one

and I added this line to the /etc/pam.d/common-session file:
session required pam_mkhomedir.so skel=/etc/skel/

to create the home dir when the user connects for the first time...

Thanks for your help anyway...........



On , Ariel <ariel@bidcactus.com> wrote:
> In your /etc/nsswitch.conf
>
>
> Try changing to these lines:
>
>
> passwd: files ldap
> group: files ldap
> shadow: files ldap
>
>
> Also in pam.d/sshd password section try adding:
>
>
> password   sufficient   pam_ldap.so
>
>
>
>
> To make much of this easier you might want to install packages like these for your distro:
> libpam-ldap
> libnss-ldap
> ldap-auth-client
> ldap-auth-config
>
>
> Good luck.
> -a
>
>
>
>
> On Apr 20, 2010, at 3:15 AM, Michel Dubois wrote:
>
> Hello Everyone,
>
> I'm a newbie with OpenLDAP. I built an LDAP server with one user. I can see this user when I run "getent passwd" on my client. This means that my LDAP server is working and my client is connecting to the LDAP server.
>
> I already modified my /etc/pam.d/sshd file on my client machine like this:
>
>
> # auth
> auth required pam_nologin.so no_warn
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> auth sufficient /usr/local/lib/pam_ldap.so no_warn
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> account required pam_login_access.so
> account required pam_unix.so
>
> # session
> session required pam_permit.so
>
> # password
> password required pam_unix.so no_warn try_first_pass
>
>
>
>
>
>
>
> But I can't connect via ssh to my client machine with the user login. And this modification disabled my ssh root connection.
>
> What do I have to check?
> Regards, 
>
> --
> -----------------------------------------------------------
> Michel Dubois
>
>
>
>
>
>
>
>
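
A check for the three settings this thread ends up with (ldap in nsswitch.conf, pam_mkhomedir.so in the session stack, and the bindpw line in libnss-ldap.conf), as an added example that is not part of the original messages. The function name check_ldap_login and passing the file paths as arguments are assumptions for illustration; the sample files at the end are constructed.

```sh
#!/bin/sh
# Added example: audit the settings discussed in this thread.
# Prints one line per problem; prints nothing when everything is in place.
check_ldap_login() {
    nsswitch=$1 pam_session=$2 nss_ldap_conf=$3

    # 1. passwd, group and shadow must each list "ldap" as a source.
    for db in passwd group shadow; do
        awk -v db="$db" '
            { sub(/#.*/, "") }                       # drop comments
            $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
            END { if (!ok) print "nsswitch: " db " does not use ldap" }
        ' "$nsswitch"
    done

    # 2. An active (uncommented) session line must load pam_mkhomedir.so.
    awk '
        { sub(/#.*/, "") }
        $1 == "session" && $0 ~ /pam_mkhomedir\.so/ { ok = 1 }
        END { if (!ok) print "pam: no session line for pam_mkhomedir.so" }
    ' "$pam_session"

    # 3. bindpw is stored in clear text; if the file is also world-readable,
    #    any local account can read the proxy password.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$nss_ldap_conf" &&
       [ -n "$(find "$nss_ldap_conf" -perm -004)" ]; then
        echo "nss-ldap: bindpw present in a world-readable file"
    fi
}

# Constructed sample files (not from a real host) so the check runs offline.
tmp=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files\nshadow: files ldap\n' > "$tmp/nsswitch.conf"
printf 'session required pam_mkhomedir.so skel=/etc/skel/\n' > "$tmp/common-session"
printf 'rootbinddn cn=proxyuser,dc=exemple,dc=org\nbindpw proxy\n' > "$tmp/libnss-ldap.conf"
chmod 644 "$tmp/libnss-ldap.conf"
# Reports the missing ldap source for group and the readable bindpw.
check_ldap_login "$tmp/nsswitch.conf" "$tmp/common-session" "$tmp/libnss-ldap.conf"
rm -rf "$tmp"
```

On a real host, pass /etc/nsswitch.conf, /etc/pam.d/common-session and /etc/libnss-ldap.conf as the three arguments.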