[Fedora-directory-users] Probably very stupid problem ....
Craig White
craigwhite at azapple.com
Fri Dec 16 13:23:12 UTC 2005
On Fri, 2005-12-16 at 13:07 +0100, Enrico Valsecchi wrote:
> Hi All,
>
> I have a problem.
> My Users, stored correctly into Fedora-DS,
> can't login into my Linux System.
> (With OpenLDAP I did not have this problem)
> I don't understand where MY error is!
> :(
>
> These are my system settings....
>
> Many Thanks!
>
> Bye,
>
> Enrico
>
> /etc/pam.d/system-auth
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so broken_shadow
> account sufficient /lib/security/$ISA/pam_localuser.so
> account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
> account required /lib/security/$ISA/pam_permit.so
>
> password requisite /lib/security/$ISA/pam_cracklib.so retry=3
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
> session optional /lib/security/$ISA/pam_ldap.so
>
> /etc/nsswitch.conf
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> /etc/ldap.conf AND /etc/openldap.conf
> suffix "dc=chiccomara,dc=org"
----
should have /etc/openldap/ldap.conf with at least...
BASE: dc=chiccomara,dc=org
HOST: 127.0.0.1
----
>
> uri ldap://centos.chiccomara.org/
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> pam_password ssha
> nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
> nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
> nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org
> # nss_base_hosts ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org
> scope one
-----
probably need here...
base: dc=chiccomara,dc=org
host: 127.0.0.1
rootbinddn: cn=Directory Manager #or whatever bind dn you choose
and I am not all knowing on PADL tools but I would have...
nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one
and then /etc/ldap.secret with your rootbinddn password chmod 600
and you should be able to simply test it by doing...
getent passwd
getent group
and get your users/groups listed
Craig
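
The checks suggested in this thread, collected into a script. This is an added example, not part of the original post or of the PADL tools. It assumes the whitespace-separated "keyword value" syntax used in the quoted /etc/ldap.conf; the function names (`conf_get`, `file_mode`, `nss_uses_ldap`, `check_client`) are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for an nss_ldap/pam_ldap client setup.

# Print the value of directive $2 from file $1 ("keyword value" syntax).
conf_get() {
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print the octal mode of $1, or nothing if it is not a regular file.
file_mode() {
    [ -f "$1" ] || return 0
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if database $2 (passwd, shadow, group) lists "ldap" in nsswitch file $1.
nss_uses_ldap() {
    awk -v d="$2:" '$1 == d { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
                    END { exit !f }' "$1"
}

# check_client CONF SECRET NSSWITCH: print each problem, return the count.
check_client() {
    conf=$1 secret=$2 nss=$3 n=0
    fail() { echo "PROBLEM: $*"; n=$((n + 1)); }
    [ -n "$(conf_get "$conf" base)" ] || fail "no base in $conf"
    [ -n "$(conf_get "$conf" host)$(conf_get "$conf" uri)" ] || fail "no host or uri in $conf"
    for db in passwd shadow group; do
        [ -n "$(conf_get "$conf" "nss_base_$db")" ] || fail "no nss_base_$db in $conf"
        nss_uses_ldap "$nss" "$db" || fail "$db does not use ldap in $nss"
    done
    # A rootbinddn needs its password in a file that only its owner can read.
    if [ -n "$(conf_get "$conf" rootbinddn)" ]; then
        mode=$(file_mode "$secret")
        [ "$mode" = 600 ] || fail "$secret mode is '${mode:-missing}', expected 600"
    fi
    return "$n"
}

# Run against the real files when called as: sh check.sh CONF SECRET NSSWITCH
if [ "$#" -eq 3 ]; then check_client "$1" "$2" "$3" && getent passwd; fi
```

Called with /etc/ldap.conf, /etc/ldap.secret and /etc/nsswitch.conf, it lists the users only when every check passes, so a world-readable secret file is reported before the lookup is tried.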