FC5 /etc/pam.d/login ldap configuration?
Hi guys,
I've got LDAP working on my FC5 box, now I want to be able to log in using the domain user names and passwords. ldapsearch and getent password work fine. I'm using Services for UNIX and Windows Server 2003 AD. Had this working on FC4, but the /etc/pam.d/login and /etc/pam.d/gdm config seems to be different. Current setup is:

################################# /etc/pam.d/login ##########################
#%PAM-1.0
######### Initial Login Prompt #########
auth required pam_securetty.so
auth required pam_nologin.so
######## Authorise User and Obtain Krb Ticket ######
auth required pam_mount.so
auth optional pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_unix.so use_first_pass
# auth required pam_stack.so service=system-auth
auth required pam_nologin.so
######## Fetch User Information ########
account required pam_access.so
account sufficient pam_ldap.so use-first_pass
account required pam_unix.so use_first_pass
account required pam_nologin.so
# account required pam_stack.so service=system-auth
######## Password Management ########
password required pam_cracklib.so
password required pam_unix.so shadow md5 use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_mount.so use_authtok shadow md5
# password required pam_stack.so service=system-auth
######### Sesssion ########
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
session optional pam_mount.so shadow md5 use_authtok
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
#session required pam_stack.so service=system-auth
#session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
##########################################################

#################### /etc/pam.d/gdm ######################
#%PAM-1.0
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_mount.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth optional pam_krb5.so use_first_pass
account required pam_stack.so service=system-auth
account sufficient pam_ldap.so use_first_pass
password required pam_stack.so service=system-auth
password sufficient pam_ldap.so use_first_pass
session required pam_stack.so service=system-auth
session optional pam_console.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
session optional pam_mount.so use_first_pass
session sufficient pam_ldap.so use_first_pass
session optional pam_group.so
#########################################################

Anyone know what I'm doing wrong? LDAP user information is ignored. It would appear that /etc/ldap.conf is not being called at the login prompt for cli as no debug output is displayed. However from within gdm, logged in as root, debug information is displayed for getent passwd|grep username.

Cheers guys,
Chris
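How the order of `required` and `sufficient` lines decides a stack's result, shown on the auth and password lines of the login file posted above. This is an added example, not part of the original post: it models only the four classic control flags, and the per-module outcomes (pam_unix.so failing for a hypothetical directory-only account, every other module succeeding) are assumptions.

```python
# Constructed sample: the active auth and password lines of the posted
# /etc/pam.d/login, copied in the order they appear there.
SAMPLE = """\
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_mount.so
auth optional pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_unix.so use_first_pass
auth required pam_nologin.so
password required pam_cracklib.so
password required pam_unix.so shadow md5 use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_mount.so use_authtok shadow md5
"""

def parse(text):
    """Return (type, control, module, options) for every non-comment line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], fields[2], fields[3:]))
    return rules

def evaluate(rules, mtype, outcomes):
    """Walk one stack using the classic control flags.

    outcomes maps module name -> False for modules assumed to fail; any
    module not listed is assumed to succeed (an assumption of this example).
    Returns (stack_result, module_that_ended_the_walk_early_or_None).
    """
    required_failed = False
    for rtype, control, module, _opts in rules:
        if rtype != mtype:
            continue
        ok = outcomes.get(module, True)
        if control == "requisite" and not ok:
            return False, module            # fail immediately
        if control == "required" and not ok:
            required_failed = True          # keep going, but the stack is lost
        if control == "sufficient" and ok and not required_failed:
            return True, module             # success, later modules skipped
        # optional results and failed sufficient modules are ignored here
    return not required_failed, None

if __name__ == "__main__":
    ldap_only = {"pam_unix.so": False}      # hypothetical directory-only account
    for mtype in ("auth", "password"):
        print(mtype, evaluate(parse(SAMPLE), mtype, ldap_only))
```

Under those assumptions the auth stack ends early with success at pam_ldap.so, while the password stack fails because the `required` pam_unix.so line is evaluated before the `sufficient` pam_ldap.so line.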