[K12OSN] Ubuntu LTSP cannot authenticating to LDAP through GDM, but works with ssh

Glenn Arnold garnold at unrealsolutions.com
Mon Oct 10 19:20:39 UTC 2005 

Here is the config files.

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         ldap files
group:          ldap files
shadow:         ldap files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

#
# /etc/pam.d/common-account - authorization settings common to all
services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
account sufficient      pam_ldap.so
account required        pam_unix.so

#
# /etc/pam.d/common-auth - authentication settings common to all
services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure

#
# /etc/pam.d/common-password - password-related modules common to all
services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define  the services to be
#used to change user passwords.  The default is pam_unix

# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords)
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.
password   sufficient  pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5

#
# /etc/pam.d/common-session - session-related modules common to all
services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).  The default is pam_unix.
#
session sufficient      pam_ldap.so
session required        pam_unix.so

#%PAM-1.0 GDM
#auth   sufficient      pam_ldap.so
auth    requisite       pam_nologin.so
auth    required        pam_env.so
auth    required        pam_unix_auth.so
auth    sufficient      pam_ldap.so use_first_pass
@include common-auth
@include common-account
account sufficient      pam_ldap.so
account required        pam_unix_acct.so
#password required      pam_ldap.so
#session        sufficient      pam_ldap.so
#session        required        pam_unix_session.so
session required        pam_limits.so
session optional        pam_ldap.so
@include common-session
@include common-password

Thanks
-Glenn
-----Original Message-----
From: Dan Young [mailto:dan_young at mesd.k12.or.us] 
Sent: Monday, October 10, 2005 3:11 PM
To: Support list for opensource software in schools.
Subject: Re: [K12OSN] Ubuntu LTSP cannot authenticating to LDAP through
GDM,but works with ssh

Glenn Arnold wrote:
> I am trying to setup a LTSP server with Breezy that authenticates to
> LDAP and mounts home drives from a different server. When I use GDM to
> login I cannot login to the server, but if I secure shell to the
server
> using ldap authentication it authenticates and mounts the home drive
> from the other server with nfs. What do you have to do to the GDM
config
> files tell it to use LDAP authentication or what did I not configure
in
> my pam files to allow this to work?

What does /etc/pam.d/gdm look like?

-- 
Dan Young <dan_young at mesd.k12.or.us>
System Adminstrator
Multnomah ESD - Network Services
503-257-1562

_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

More information about the K12OSN mailing list