revzalot
December 8th, 2010, 01:03 AM
I've followed the Host Based Authentication Part from this page: https://help.ubuntu.com/community/LDAPClientAuthentication#Installation
I cannot get it to work. When I delete the 'ldap' from the shadow line in /etc/nsswitch.conf all my ldap users cannot login. Yes I've uploaded the ldapns.schema, activated hostObject and added the machine name to the host attribute to my test ldap users.
I get this error from /etc/auth.log: sshd[3979]: pam_ldap: ldap_initialize Bad parameter to an ldap routine
Here's my ldap.conf:
base dc=web,dc=com
uri ldap://10.112.18.2 uri ldap://10.112.18.149
ldap_version 3
rootbinddn cn=admin,dc=web,dc=com
bind_policy soft
pam_check_host_attr yes
pam_filter |(host=webdev120)(host=\*)
pam_password crypt
tls_reqcert never
tls_cacertfile /etc/ssl/certs/cacert.pem
Here's my pam.d/*
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
account requisite pam_deny.so
account required pam_permit.so
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files
# shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
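An added example, not part of the original post or of the Ubuntu wiki page it follows: a small Python checker that parses a pam_ldap/nss_ldap-style ldap.conf and validates the things that matter for the symptoms above. libldap's ldap_initialize() returns "Bad parameter to an ldap routine" when a token on the `uri` line is not a valid LDAP URI, so check_uris() splits that line into tokens and reports any that do not carry an ldap://, ldaps:// or ldapi:// scheme; check_tls() flags a `tls_reqcert never` setting, which disables server certificate verification; host_allowed() models the `host` attribute comparison that pam_check_host_attr performs (exact hostname match, or the wildcard `*`). The SAMPLE_LDAP_CONF string is a constructed copy of the config in the post; the function names, the parser's "key value" line format and the hypothetical hostname used in the usage line are assumptions made for this example.

```python
"""Sanity checks for a pam_ldap/nss_ldap style ldap.conf (added example, not project code)."""
from urllib.parse import urlsplit

# Constructed sample: the ldap.conf from the post above, embedded inline.
SAMPLE_LDAP_CONF = """\
base dc=web,dc=com
uri ldap://10.112.18.2 uri ldap://10.112.18.149
ldap_version 3
rootbinddn cn=admin,dc=web,dc=com
bind_policy soft
pam_check_host_attr yes
pam_filter |(host=webdev120)(host=\\*)
pam_password crypt
tls_reqcert never
tls_cacertfile /etc/ssl/certs/cacert.pem
"""


def parse_ldap_conf(text):
    """Parse 'key value...' lines into {key: [value per line]}.

    Assumes the pam_ldap ldap.conf format: one directive per line, the key is the
    first word, everything after it is the value. Blank lines and '#' comments are skipped.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def check_uris(conf):
    """Return a list of problems with the `uri` directive.

    pam_ldap takes several servers as space-separated URIs on ONE uri line
    ("uri ldap://a ldap://b"). Every token must be an LDAP URI; any other token
    (for example a repeated 'uri' keyword) is handed to ldap_initialize(), which
    rejects it with "Bad parameter to an ldap routine".
    """
    problems = []
    for line in conf.get("uri", []):
        for token in line.split():
            scheme = urlsplit(token).scheme.lower()
            if scheme not in ("ldap", "ldaps", "ldapi"):
                problems.append(f"uri: token {token!r} is not an LDAP URI")
    if "uri" not in conf and "host" not in conf:
        problems.append("no uri or host directive: nothing to connect to")
    return problems


def check_tls(conf):
    """Flag tls_reqcert values under which the server certificate is not verified."""
    problems = []
    for value in conf.get("tls_reqcert", []):
        if value.strip().lower() in ("never", "allow"):
            problems.append(f"tls_reqcert {value.strip()}: server certificate is not verified")
    return problems


def host_allowed(user_host_values, local_hostname):
    """Model of the pam_check_host_attr comparison.

    The user's `host` attribute values (from the hostObject class) are compared
    with the local hostname; a value of '*' admits the user on every host.
    """
    local = local_hostname.strip().lower()
    return any(v.strip() == "*" or v.strip().lower() == local for v in user_host_values)


def audit(text):
    """Run all checks over an ldap.conf string and return the combined findings."""
    conf = parse_ldap_conf(text)
    return check_uris(conf) + check_tls(conf)


if __name__ == "__main__":
    for finding in audit(SAMPLE_LDAP_CONF):
        print(finding)
    # Hypothetical user entry with host=webdev120, checked against this machine's name.
    print("host check:", host_allowed(["webdev120"], "webdev120"))
```

Run against the sample, the script reports the stray `uri` token on the uri line and the `tls_reqcert never` setting; the same line written as `uri ldap://10.112.18.2 ldap://10.112.18.149` produces no uri finding. The host_allowed() helper only covers the hostname/`*` comparison that pam_check_host_attr does; the `pam_filter` alternative in the post restricts which entries the lookup returns and is evaluated server-side, so it is not modelled here.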