fedora 4 active directory (LDAP) authentication

Guillaume guillaume.chardin at gmail.com
Thu Dec 29 14:01:06 UTC 2005


# Your LDAP server.
host ungoliant.eritest.fr
# The distinguished name of the search base.
base dc=eritest,dc=fr
# The search scope.
scope sub

pam_password ad

nss_base_passwd ou=Utilisateurs,dc=eritest,dc=fr?sub
nss_base_shadow ou=Utilisateurs,dc=eritest,dc=fr?sub
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute cn sAMAccountName
pam_login_attribute sAMAccountName
pam_filter objectclass=user

ssl no
------------------------
----------------/etc/nsswitch.conf-------------------
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:         files
netmasks:   files
networks:    files
protocols:  files ldap
rpc:           files
services:   files ldap
netgroup:   files ldap
publickey:  nisplus
automount:  files ldap
aliases:    files nisplus
------------------------
---------------etc/pam.d/system-auth
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_localuser.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so
---------------------------------

many thanks.
Guillaume




More information about the fedora-list mailing list