LinuxQuestions.org

cbtg2006 04-21-2006 09:28 AM

FC5 /etc/pam.d/login ldap configuration?
 
Hi guys,

I've got LDAP working on my FC5 box, now I want to be able to log in using the domain user names and passwords. ldapsearch and getent password work fine.

I'm using Services for Unix and Windows Server 2003 AD.

Had this working on FC4, but the /etc/pam.d/login and /etc/pam.d/gdm config seems to be different.

Current setup is:

################################# /etc/pam.d/login ##########################
#%PAM-1.0
######### Initial Login Prompt #########

auth required pam_securetty.so
auth required pam_nologin.so

######## Authorise User and Obtain Krb Ticket ######

auth required pam_mount.so
auth optional pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_unix.so use_first_pass
# auth required pam_stack.so service=system-auth
auth required pam_nologin.so

######## Fetch User Information ########

account required pam_access.so
account sufficient pam_ldap.so use-first_pass
account required pam_unix.so use_first_pass
account required pam_nologin.so
# account required pam_stack.so service=system-auth

######## Password Management ########

password required pam_cracklib.so
password required pam_unix.so shadow md5 use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_mount.so use_authtok shadow md5

# password required pam_stack.so service=system-auth

######### Session ########

session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
session optional pam_mount.so shadow md5 use_authtok

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

#session required pam_stack.so service=system-auth
#session optional pam_console.so

# pam_selinux.so open should be the last session rule

session required pam_selinux.so multiple open

##########################################################


#################### /etc/pam.d/gdm ######################

#%PAM-1.0
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_mount.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth optional pam_krb5.so use_first_pass
account required pam_stack.so service=system-auth
account sufficient pam_ldap.so use_first_pass
password required pam_stack.so service=system-auth
password sufficient pam_ldap.so use_first_pass
session required pam_stack.so service=system-auth
session optional pam_console.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
session optional pam_mount.so use_first_pass
session sufficient pam_ldap.so use_first_pass
session optional pam_group.so

#########################################################

Anyone know what I'm doing wrong? LDAP user information is ignored. It would appear that /etc/ldap.conf is not being called at the login prompt for the CLI, as no debug output is displayed. However, from within gdm, logged in as root, debug information is displayed for getent passwd|grep username.

Cheers guys,

Chris
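
A small checker for stacks like the ones posted above, as an added example that is not part of the original post: it parses PAM rule lines and reports option names that nearly match a known option, plus modules listed twice in one management group. The sample lines are copied from the posted /etc/pam.d/login; the option list and the function names are assumptions made for this example.

```python
import difflib
from collections import Counter

# Assumption: only these three common password-passing options are checked.
KNOWN_OPTS = ("use_first_pass", "try_first_pass", "use_authtok")

# auth and account lines copied from the /etc/pam.d/login posted above.
SAMPLE = """\
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_mount.so
auth optional pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_unix.so use_first_pass
# auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_access.so
account sufficient pam_ldap.so use-first_pass
account required pam_unix.so use_first_pass
account required pam_nologin.so
"""

def parse(text):
    """Yield (lineno, type, control, module, args) for each active rule.
    Bracketed controls such as [success=1 default=ignore] are not handled."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) >= 3:
            yield n, fields[0], fields[1], fields[2], fields[3:]

def lint(text):
    """Return (lineno, message) findings for near-miss options and repeats."""
    findings, seen = [], Counter()
    for n, mtype, _control, module, args in parse(text):
        seen[(mtype, module)] += 1
        if seen[(mtype, module)] == 2:
            findings.append((n, f"{module} listed more than once in '{mtype}'"))
        for arg in args:
            name = arg.split("=", 1)[0]
            close = difflib.get_close_matches(name, KNOWN_OPTS, n=1, cutoff=0.8)
            if name not in KNOWN_OPTS and close:
                findings.append((n, f"{module}: '{arg}' looks like '{close[0]}'"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```

The findings are observations about spelling and repetition only; they do not establish why LDAP users cannot log in.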

