fedora 4 active directory (LDAP) authentication
Guillaume
guillaume.chardin at gmail.com
Thu Dec 29 14:01:06 UTC 2005
# Your LDAP server.
host ungoliant.eritest.fr
# The distinguished name of the search base.
base dc=eritest,dc=fr
# The search scope.
scope sub
pam_password ad
nss_base_passwd ou=Utilisateurs,dc=eritest,dc=fr?sub
nss_base_shadow ou=Utilisateurs,dc=eritest,dc=fr?sub
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user
ssl no
------------------------
----------------/etc/nsswitch.conf-------------------
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
------------------------
---------------etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_localuser.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
---------------------------------
many thanks.
Guillaume
More information about the fedora-list
mailing list