On Fri, 2005-12-16 at 13:07 +0100, Enrico Valsecchi wrote:
Hi All,
I have a problem.
My Users, stored correctly into Fedora-DS,
can't login into my Linux System.
(With OpenLdap did not have this problem)
I don't understand where is MY error!
:(
There are my system settings....
Many Thanks!
Bye,
Enrico
/etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_localuser.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok
user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok
md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
/etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
/etc/ldap.conf AND /etc/openldap.conf
suffix "dc=chiccomara,dc=org"
----
should have /etc/openldap/ldap.conf with at least...
BASE: dc=chiccomara,dc=org
HOST: 127.0.0.1
----
uri
ldap://centos.chiccomara.org/
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_password ssha
nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org
nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org
# nss_base_hosts ou=Host,ou=Mizar Solutions,dc=chiccomara,dc=org
scope one
-----
probably need here...
base: dc=chiccomara,dc=org
host: 127.0.0.1
rootbinddn: cn=Directory Manager #or whatever bind dn you choose
and I am not all knowing on PADL tools but I would have...
nss_base_passwd ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_shadow ou=Users,ou=Mizar Solutions,dc=chiccomara,dc=org?one
nss_base_group ou=Groups,ou=Mizar Solutions,dc=chiccomara,dc=org?one
and then /etc/ldap.secret with your rootbinddn password chmod 600
and you should be able to simply test it by doing...
getent passwd
getent group
and get your users/groups listed
Craig