pam_groupdn is not working for some Centos 6.2 - 389-users - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

pam_groupdn is not working for some Centos 6.2

adding attribute

389DS Certificates

Fosiul Alam

Monday, 25 March 2013 Mon, 25 Mar '13

11:04 a.m.

Hi pam_groupdn is not working on some of my centos 6.2 server. from google i can see , there is a issues with https://access.redhat.com/knowledge/solutions/64719 but dont understand , how to solve this Can any one please give me some light ?? Thanks

Reply

Show replies by date

Arpit Tolani

Tuesday, 26 March Tue, 26 Mar

5:02 a.m.

Hello On Mon, Mar 25, 2013 at 9:34 PM, Fosiul Alam <fosiul(a)gmail.com> wrote:

Hi pam_groupdn is not working on some of my centos 6.2 server. from google i can see , there is a issues with https://access.redhat.com/knowledge/solutions/64719 but dont understand , how to solve this Can any one please give me some light ??

Are you using pam_ldap.conf & nslcd.conf for RHEL6 authentication against LDAP server, RHEL6 dont use legacy ldap.conf file. Make sure you /etc/pam_ldap.conf look something like this. base dc=example,dc=com binddn cn=manager bindpw XXXX scope sub nss_base_passwd ou=People,dc=example,dc=com?one nss_base_shadow ou=People,dc=example,dc=com?one nss_base_group ou=Group,dc=example,dc=com?one uri ldaps://ldapserver.example.com/ pam_groupdn cn=servers-mgmt,ou=servers,dc=example,dc=com pam_member_attribute member ssl no tls_cacertdir /etc/openldap/cacerts pam_password crypt btw why NSLCD ? Why not SSSD, Read below for more information on SSSD. https://fedorahosted.org/sssd/ http://fedoraproject.org/wiki/Features/SSSD

Thanks -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

-- Regards Arpit Tolani

Reply

Fosiul Alam

Monday, 1 April Mon, 1 Apr

4:03 p.m.

Hi Thanks for that, I just configured by using sssd. its working fine but still , it does not restrict user ..i was following this http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-... and my configuration is [sssd] config_file_version = 2 services = nss, pam domains = LDAP [nss] filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd [pam] # Example LDAP domain [domain/LDAP] id_provider = ldap auth_provider = ldap ldap_schema = rfc2307bis ldap_uri = ldap://auth4.uk.xxxx.lan ldap_search_base = l=uk,dc=xxxx,dc=lan ldap_group_member = uniquemember ldap_access_filter = cn=system-users,ou=Groups,l=uk,dc=xxxxx,dc=lan chpass_provider = ldap tls_reqcert = demand ldap_tls_cacert = /etc/openldap/cacerts/CA-lego.crt and i used the according : http://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/chap-... #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session sufficient pam_sss.so session required pam_unix.so but no luck .. Thanks for further help On Tue, Mar 26, 2013 at 10:02 AM, Arpit Tolani <arpittolani(a)gmail.com>wrote:

Hello On Mon, Mar 25, 2013 at 9:34 PM, Fosiul Alam <fosiul(a)gmail.com> wrote: > Hi > pam_groupdn is not working on some of my centos 6.2 server. > > from google i can see , there is a issues with > > https://access.redhat.com/knowledge/solutions/64719 > but dont understand , how to solve this > > Can any one please give me some light ?? Are you using pam_ldap.conf & nslcd.conf for RHEL6 authentication against LDAP server, RHEL6 dont use legacy ldap.conf file. Make sure you /etc/pam_ldap.conf look something like this. base dc=example,dc=com binddn cn=manager bindpw XXXX scope sub nss_base_passwd ou=People,dc=example,dc=com?one nss_base_shadow ou=People,dc=example,dc=com?one nss_base_group ou=Group,dc=example,dc=com?one uri ldaps://ldapserver.example.com/ pam_groupdn cn=servers-mgmt,ou=servers,dc=example,dc=com pam_member_attribute member ssl no tls_cacertdir /etc/openldap/cacerts pam_password crypt btw why NSLCD ? Why not SSSD, Read below for more information on SSSD. https://fedorahosted.org/sssd/ http://fedoraproject.org/wiki/Features/SSSD > > Thanks > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- Regards Arpit Tolani -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

-- Regards Fosiul Alam 07877100621 http://www.fosiul.co.uk

Reply

4043

days inactive

4050

days old

389-users@lists.fedoraproject.org

Manage subscription

2 comments

2 participants

tags (0)

participants (2)

Arpit Tolani
Fosiul Alam