FC5 LDAP Authentication Problem
Mark Haney
mhaney at ercbroadband.org
Tue Apr 25 14:07:40 UTC 2006
I have 3 FC5 boxes tied to Server 2003 AD. Most were upgrades from FC2,
and they work beautifully. I'll be glad to send over my ldap.conf file if
you like.
Chris Bradford wrote:
> Hi all,
> Has anyone managed to get FC5 working with Windows Server 2003 Active
> Directory?
> I had my FC4 boxes working fine, but the FC5 boxes will not accept any
> LDAP user names.
> My current setup is:
> ################################# /etc/pam.d/login ##########################
> #%PAM-1.0
> ######### Initial Login Prompt #########
>
> auth required pam_securetty.so
> auth required pam_nologin.so
>
> ######## Authorise User and Obtain Krb Ticket ######
>
> auth required pam_mount.so
> auth optional pam_krb5.so use_first_pass
> auth sufficient pam_ldap.so use_first_pass
> auth required pam_unix.so use_first_pass
> # auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
>
> ######## Fetch User Information ########
>
> account required pam_access.so
> account sufficient pam_ldap.so use-first_pass
> account required pam_unix.so use_first_pass
> account required pam_nologin.so
> # account required pam_stack.so service=system-auth
>
> ######## Password Management ########
>
> password required pam_cracklib.so
> password required pam_unix.so shadow md5 use_authtok
> password sufficient pam_ldap.so use_authtok
> password required pam_mount.so use_authtok shadow md5
>
> # password required pam_stack.so service=system-auth
>
> ######### Session ########
>
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel umask=0077
> session optional pam_mount.so shadow md5 use_authtok
>
> # pam_selinux.so close should be the first session rule
>
> session required pam_selinux.so close
>
> #session required pam_stack.so service=system-auth
> #session optional pam_console.so
>
> # pam_selinux.so open should be the last session rule
>
> session required pam_selinux.so multiple open
>
> ##########################################################
>
>
> #################### /etc/pam.d/gdm ######################
>
> #%PAM-1.0
> auth required pam_env.so
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> auth required pam_mount.so use_first_pass
> auth sufficient pam_ldap.so use_first_pass
> auth optional pam_krb5.so use_first_pass
> account required pam_stack.so service=system-auth
> account sufficient pam_ldap.so use_first_pass
> password required pam_stack.so service=system-auth
> password sufficient pam_ldap.so use_first_pass
> session required pam_stack.so service=system-auth
> session optional pam_console.so
> session required pam_mkhomedir.so skel=/etc/skel umask=0077
> session optional pam_mount.so use_first_pass
> session sufficient pam_ldap.so use_first_pass
> session optional pam_group.so
>
> #########################################################
> Can anyone see where I am going wrong?
> Many thanks,
> Chris Bradford
> Systems Administrator
> Cambridge Newspapers
>
--
Interdum feror cupidine partium magnarum Europae vincendarum
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
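
Added example, not from either poster: a small Python model of how Linux-PAM combines the simple control flags, run over the auth lines of the two files quoted above. The module outcomes are assumptions, in particular the case where the system-auth stack (not shown in the thread) rejects a directory-only account.

```python
# Added example: models only Linux-PAM's simple control flags
# (required, requisite, sufficient, optional), not [value=action] syntax.

LOGIN_AUTH = """\
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_mount.so
auth optional pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_unix.so use_first_pass
auth required pam_nologin.so
"""

GDM_AUTH = """\
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_mount.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth optional pam_krb5.so use_first_pass
"""

def parse_stack(text, group="auth"):
    """Return [(control, module)] for one management group, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.lstrip("> ").split()   # tolerate mail-quoted lines
        if len(fields) >= 3 and fields[0] == group:
            entries.append((fields[1], fields[2]))
    return entries

def evaluate(entries, outcomes):
    """outcomes: module -> True/False; unlisted modules are assumed to succeed."""
    required_failed = decided = False
    for control, module in entries:
        ok = outcomes.get(module, True)
        if control == "requisite" and not ok:
            return False                  # fails the stack immediately
        if control in ("required", "requisite"):
            decided = decided or ok
            required_failed = required_failed or not ok  # later modules still run
        if control == "sufficient" and ok and not required_failed:
            return True                   # short-circuits the rest of the stack
        # 'optional' results and failed 'sufficient' modules do not decide here
    return decided and not required_failed

# Constructed scenario: an account that exists only in the directory.
DIRECTORY_ONLY = {"pam_ldap.so": True, "pam_unix.so": False}
```

With these inputs the login stack accepts the account because pam_ldap.so is reached before pam_unix.so, while the gdm stack rejects it whenever the earlier `required` pam_stack.so entry fails, since a later `sufficient` success cannot override a recorded `required` failure.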