Hi,
(I hope this mail doesn't arrive a second time)
How do I attach Fedora C1 and C2 to an existing LDAP? As with Debian and
Gentoo (where everything works), I changed, among other things, some files in
/etc/pam.d
,----[ system-auth ]
| #%PAM-1.0
| # This file is auto-generated.
| # User changes will be destroyed the next time authconfig is run.
| auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
| auth required /lib/security/$ISA/pam_env.so
| auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
| auth required /lib/security/$ISA/pam_deny.so
|
| account sufficient /lib/security/$ISA/pam_ldap.so
| account required /lib/security/$ISA/pam_unix.so
|
| password sufficient /lib/security/$ISA/pam_ldap.so nullok md5 shadow use_authtok
| password required /lib/security/$ISA/pam_cracklib.so retry=3
| password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
| password required /lib/security/$ISA/pam_deny.so
|
| session sufficient /lib/security/$ISA/pam_ldap.so
| session required /lib/security/$ISA/pam_limits.so
| session required /lib/security/$ISA/pam_unix.so
`----
,----[ login ]
| #%PAM-1.0
| auth requisite pam_securetty.so
| auth requisite pam_nologin.so
| auth sufficient pam_ldap.so
| auth required pam_stack.so service=system-auth
| account required pam_stack.so service=system-auth
| password required pam_stack.so service=system-auth
| session required pam_selinux.so multiple
| session required pam_stack.so service=system-auth
| session optional pam_console.so
`----
,----[ passwd ]
| #%PAM-1.0
| auth sufficient pam_ldap.so
| auth required pam_stack.so service=system-auth
| account sufficient pam_ldap.so
| account required pam_stack.so service=system-auth
| password sufficient pam_ldap.so
| password required pam_stack.so service=system-auth
`----
,----[ su ]
| #%PAM-1.0
| auth sufficient /lib/security/$ISA/pam_rootok.so
| auth sufficient /lib/security/$ISA/pam_ldap.so
| # Uncomment the following line to implicitly trust users in the "wheel" group.
| #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
| # Uncomment the following line to require a user to be in the "wheel" group.
| #auth required /lib/security/$ISA/pam_wheel.so use_uid
| auth required /lib/security/$ISA/pam_stack.so service=system-auth
| account required /lib/security/$ISA/pam_stack.so service=system-auth
| password required /lib/security/$ISA/pam_stack.so service=system-auth
| session required /lib/security/$ISA/pam_stack.so service=system-auth
| session optional /lib/security/$ISA/pam_selinux.so multiple
| session optional /lib/security/$ISA/pam_xauth.so
`----
Then I also adjusted
,----[ /etc/nsswitch.conf ]
| # /etc/nsswitch.conf
| #
| # Example configuration of GNU Name Service Switch functionality.
| # If you have the `glibc-doc' and `info' packages installed, try:
| # `info libc "Name Service Switch"' for information about this file.
|
| passwd: files ldap
| group: files ldap
| shadow: files ldap
|
| hosts: files dns
| networks: files dns
|
| protocols: db files
| services: db files
| ethers: db files
| rpc: db files
|
| netmasks: files ldap
| netgroup: files ldap
| publickey: files ldap
|
| bootparams: files ldap
| automount: files ldap
| aliases: files ldap
`----
When a $User now tries to log in, I see in
,----[ /var/log/messages ]
| Feb 5 12:06:11 a7ud0127 login(pam_unix)[1130]: check pass; user unknown
| Feb 5 12:06:11 a7ud0127 login(pam_unix)[1130]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost=
| Feb 5 12:06:13 a7ud0127 login[1130]: FAILED LOGIN 1 FROM (null) FOR b9004, Authentication failure
`----
and the login fails :(
When I run ls -la /home as root, all users and groups are resolved
correctly. A su - $USER works too. When I then enter id as $USER,
everything is displayed correctly as well.
Have I still forgotten something that perhaps doesn't exist on Debian
and/or Gentoo?
Pozdrawiam/Gruß/Regards
Robert Rakowicz
--
Robert Rakowicz
URL: www.rjap.de
E-Mail: b9009(a)rjap.de