PAM/NSS LDAP configuration
Michal Rysavy
mrysavy at trask.cz
Wednesday April 25 20:05:00 CEST 2001
I have a problem with PAM/NSS LDAP. I have users both in /etc/passwd and in LDAP.
Authentication works fine for both, but with LDAP, changing the password does not work for me.
When changing the password, it asks me for the login(LDAP) password -- what is that???
Would anyone be willing to send me a working configuration?
I have the following configuration:
Linux Mandrake v8.0b1 (pam, nss from 8.0)
/etc/ldap.conf:
host 125.1.1.40
base dc=sf,dc=trask,dc=cz
pam_password crypt
/etc/pam.d/passwd:
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so try_first_pass
/etc/nsswitch.conf:
passwd files ldap
group files ldap
shadow files ldap
hosts: files nisplus nis dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
slapd.conf:
include /schema/core.schema
include /schema/cosine.schema
include /schema/inetorgperson.schema
include /schema/nis.schema
include /schema/autofs.schema
loglevel 2272
access to * by * read
database ldbm
suffix "dc=sf, dc=trask, dc=cz"
directory /run
rootdn "cn=admin,dc=sf,dc=trask,dc=cz"
rootpw secret
index objectClass pres,eq
index cn,sn,uid eq
index uidNumber,gidNumber,memberUid eq
index oncRpcNumber,ipServicePort eq
index ipNetworkNumber,ipHostNumber eq
replogfile /slapd.replog
access to *
by * write
by * read
LDIF that was imported into LDAP:
dn: dc=sf,dc=trask,dc=cz
dc: sf
objectClass: top
objectClass: domain
dn: ou=People,dc=sf,dc=trask,dc=cz
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=sf,dc=trask,dc=cz
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: uid=mminer,ou=People,dc=sf,dc=trask,dc=cz
uid: mminer
cn: Manic Miner
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$sydXcFxJ$N7it.6fa5yHnrHDF5lfV.0
shadowLastChange: 11429
shadowMin: -1
shadowMax: 99999
shadowWarning: -1
shadowInactive: -1
shadowExpire: -1
shadowFlag: -1073744240
loginShell: /bin/bash
uidNumber: 504
gidNumber: 100
homeDirectory: /home/mrysavy
gecos: Manic Miner
Michal Rysavy