PAM/NSS LDAP configuration

Michal Rysavy mrysavy at trask.cz
Wed Apr 25 20:05:00 CEST 2001


I have a problem with PAM/NSS LDAP. I have users both in /etc/passwd and in LDAP.
Authentication works fine for both, but for the LDAP users the password change does not work.

When changing the password it asks me for "login(LDAP) password" -- what is that???



Would anyone be willing to send me a working configuration?



I have the following configuration:

Linux Mandrake v8.0b1 (pam, nss from 8.0)

/etc/ldap.conf: 
        host 125.1.1.40 
        base dc=sf,dc=trask,dc=cz 
        pam_password crypt 

/etc/pam.d/passwd:
        #%PAM-1.0
        auth       sufficient   /lib/security/pam_ldap.so
        auth       required     /lib/security/pam_unix_auth.so use_first_pass
        account    sufficient   /lib/security/pam_ldap.so
        account    required     /lib/security/pam_unix_acct.so
        password   required     /lib/security/pam_cracklib.so retry=3
        password   sufficient   /lib/security/pam_ldap.so
        password   required     /lib/security/pam_pwdb.so try_first_pass

/etc/nsswitch.conf:
        passwd:     files ldap
        group:      files ldap
        shadow:     files ldap

        hosts:      files nisplus nis dns 
        bootparams: nisplus [NOTFOUND=return] files 
        ethers:     files 
        netmasks:   files 
        networks:   files 
        protocols:  files 
        rpc:        files 
        services:   files 
        netgroup:   nisplus 
        publickey:  nisplus 
        automount:  files nisplus 
        aliases:    files nisplus 

slapd.conf: 
        include /schema/core.schema 
        include /schema/cosine.schema 
        include /schema/inetorgperson.schema 
        include /schema/nis.schema 
        include /schema/autofs.schema 

        loglevel 2272

        # First "access to" directive whose <what> matches is the only one
        # consulted; this one matches every entry and attribute, so the whole
        # tree, userPassword hashes included, is readable by anyone and the
        # directive further down is never reached.
        access to * by * read

        database ldbm
        suffix "dc=sf, dc=trask, dc=cz"
        directory /run
        rootdn "cn=admin,dc=sf,dc=trask,dc=cz"
        # cleartext rootpw; slappasswd can produce a hashed value instead
        rootpw secret

        index   objectClass             pres,eq 
        index   cn,sn,uid               eq 
        index   uidNumber,gidNumber,memberUid   eq 
        index   oncRpcNumber,ipServicePort      eq 
        index   ipNetworkNumber,ipHostNumber    eq 

        replogfile /slapd.replog 

        access to * 
                by * write 
                by * read 



LDIF that was imported into LDAP:
        dn: dc=sf,dc=trask,dc=cz 
        dc: sf 
        objectClass: top 
        objectClass: domain 

        dn: ou=People,dc=sf,dc=trask,dc=cz 
        ou: People 
        objectClass: top 
        objectClass: organizationalUnit 

        dn: ou=Group,dc=sf,dc=trask,dc=cz 
        ou: Group 
        objectClass: top 
        objectClass: organizationalUnit 

        dn: uid=mminer,ou=People,dc=sf,dc=trask,dc=cz 
        uid: mminer 
        cn: Manic Miner 
        objectClass: account 
        objectClass: posixAccount 
        objectClass: top 
        objectClass: shadowAccount 
        userPassword: {crypt}$1$sydXcFxJ$N7it.6fa5yHnrHDF5lfV.0 
        shadowLastChange: 11429 
        shadowMin: -1 
        shadowMax: 99999 
        shadowWarning: -1 
        shadowInactive: -1 
        shadowExpire: -1 
        shadowFlag: -1073744240 
        loginShell: /bin/bash 
        uidNumber: 504 
        gidNumber: 100 
        homeDirectory: /home/mrysavy 
        gecos: Manic Miner 






Michal Rysavy 
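Added example, not part of the original post: a small Python model of how slapd chooses an access level, so the effect of the ACLs in the posted slapd.conf on a pam_ldap password change can be checked offline. It implements the two rules documented in slapd.access(5): the first `access to <what>` directive whose `<what>` matches is the only one consulted, and within it the first matching `by <who>` clause decides, with no match meaning denied. Only the subset of syntax needed here is modelled (`<what>` is `*` or `attrs=<list>`; `<who>` is `*`, `self`, `anonymous` or `users`; rootdn bypasses ACLs). The user and rootdn DNs are taken from the post; `FIXED_ACL` is a suggested replacement, not something from the post, and is the usual pattern from slapd.access(5): the user may write only their own `userPassword`, anonymous clients get `auth` on it so a simple bind still works, and nobody else can read the hash.

```python
# Added example (not from the original post): first-match model of slapd ACL
# evaluation per slapd.access(5). Simplified: only "*"/"attrs=" <what> and
# "*"/"self"/"anonymous"/"users" <who> are supported; rootdn bypasses ACLs.
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# DNs from the posted slapd.conf / LDIF
ROOTDN = "cn=admin,dc=sf,dc=trask,dc=cz"
USER = "uid=mminer,ou=People,dc=sf,dc=trask,dc=cz"

# ACLs exactly as they appear in the posted slapd.conf
POSTED_ACL = """\
access to * by * read

access to *
        by * write
        by * read
"""

# Suggested replacement (assumption, not from the post): self-service
# password change, binds still possible, hashes unreadable, rest as before.
FIXED_ACL = """\
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

access to * by * read
"""


def parse_acl(text):
    """Return [(attrs_or_None, [(who, level), ...]), ...] from slapd.conf lines."""
    directives, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line.startswith("access"):
            if current is not None:
                directives.append(current)
            current = line.split()
        elif current is not None:                    # indented continuation line
            current += line.split()
    if current is not None:
        directives.append(current)
    rules = []
    for toks in directives:
        assert toks[:2] == ["access", "to"], toks
        first_by = toks.index("by")
        what = toks[2:first_by]
        attrs = None                                 # "*": any attribute, any entry
        if what != ["*"]:
            m = re.fullmatch(r"attrs?=([\w,]+)", what[0])
            assert m and len(what) == 1, what        # <what> form not modelled
            attrs = frozenset(m.group(1).lower().split(","))
        by_toks = toks[first_by:]                    # by who level by who level ...
        clauses = [(by_toks[i + 1], by_toks[i + 2]) for i in range(0, len(by_toks), 3)]
        for _, level in clauses:
            assert level in LEVELS, level
        rules.append((attrs, clauses))
    return rules


def access_level(rules, bind_dn, target_dn, attr, rootdn=ROOTDN):
    """Level granted to bind_dn on attr of target_dn (bind_dn "" = anonymous)."""
    if bind_dn and bind_dn.lower() == rootdn.lower():
        return "write"                               # rootdn is not subject to ACLs
    for attrs, clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue                                 # <what> does not match
        for who, level in clauses:                   # first matching <who> wins
            if (who == "*"
                    or (who == "anonymous" and not bind_dn)
                    or (who == "users" and bind_dn)
                    or (who == "self" and bind_dn and bind_dn.lower() == target_dn.lower())):
                return level
        return "none"                                # directive matched, no <who> did
    return "read"                                    # nothing matched: slapd default


def allows(acl_text, bind_dn, target_dn, attr, needed):
    rules = parse_acl(acl_text)
    return LEVELS.index(access_level(rules, bind_dn, target_dn, attr)) >= LEVELS.index(needed)


def self_can_change_password(acl_text):
    """pam_ldap binds as the user and replaces userPassword: needs 'write'."""
    return allows(acl_text, USER, USER, "userPassword", "write")


def anonymous_can_read_hash(acl_text):
    return allows(acl_text, "", USER, "userPassword", "read")


def anonymous_can_bind(acl_text):
    """A simple bind is checked against userPassword and needs 'auth'."""
    return allows(acl_text, "", USER, "userPassword", "auth")


def anonymous_can_write(acl_text):
    return allows(acl_text, "", USER, "cn", "write")


if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("fixed", FIXED_ACL)):
        print(name, "| self changes own password:", self_can_change_password(acl),
              "| anonymous reads hash:", anonymous_can_read_hash(acl),
              "| anonymous binds:", anonymous_can_bind(acl),
              "| anonymous writes:", anonymous_can_write(acl))
```

Run against the posted ACLs the model gives the user only `read` on its own `userPassword`, so the modify that pam_ldap issues after the "login(LDAP) password" prompt has nowhere to go, while anonymous clients can read every hash in the tree; the `by * write` line is shadowed and grants nothing. With the replacement ACL the user gets `write` on its own password, anonymous clients keep `auth` (so binds still work) and lose `read` on the hashes.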



More information about the Linux mailing list