Hi, pam_groupdn is not working on some of my CentOS 6.2 servers.
From Google I can see there is an issue with
https://access.redhat.com/knowledge/solutions/64719 but I don't understand how to solve this.
Can anyone please give me some light??
Thanks
Hello
On Mon, Mar 25, 2013 at 9:34 PM, Fosiul Alam fosiul@gmail.com wrote:
Hi, pam_groupdn is not working on some of my CentOS 6.2 servers.
From Google I can see there is an issue with
https://access.redhat.com/knowledge/solutions/64719 but I don't understand how to solve this.
Can anyone please give me some light??
Are you using pam_ldap.conf & nslcd.conf for RHEL6 authentication against the LDAP server? RHEL6 doesn't use the legacy ldap.conf file.
Make sure your /etc/pam_ldap.conf looks something like this:
base dc=example,dc=com
binddn cn=manager
bindpw XXXX
scope sub
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group ou=Group,dc=example,dc=com?one
uri ldaps://ldapserver.example.com/
pam_groupdn cn=servers-mgmt,ou=servers,dc=example,dc=com
pam_member_attribute member
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password crypt
BTW, why nslcd? Why not SSSD? Read below for more information on SSSD:
https://fedorahosted.org/sssd/
http://fedoraproject.org/wiki/Features/SSSD
Thanks
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi, thanks for that. I just configured it using SSSD. It's working fine, but it still does not restrict users. I was following this:
http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-aut...
and my configuration is:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]

# Example LDAP domain
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldap://auth4.uk.xxxx.lan
ldap_search_base = l=uk,dc=xxxx,dc=lan
ldap_group_member = uniquemember
ldap_access_filter = cn=system-users,ou=Groups,l=uk,dc=xxxxx,dc=lan
chpass_provider = ldap
tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/CA-lego.crt
and I used the PAM configuration according to: http://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/chap-SSS...
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     required      pam_mkhomedir.so umask=0022 skel=/etc/skel/
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     sufficient    pam_sss.so
session     required      pam_unix.so
but no luck. Thanks for further help.
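An added sanity check for the access-control part of an SSSD domain section (example code, not from the thread or from the SSSD project). It encodes two facts about SSSD: ldap_access_filter is only evaluated when access_provider = ldap (the default access provider is permit, so the filter is otherwise ignored), and the value must be an LDAP search filter rather than a bare group DN. The sample configs, the dc=example,dc=lan naming and the use of a memberOf attribute (which assumes the directory maintains it) are constructed for the example.

```python
import configparser

# Constructed sample modelled on the thread's config: ldap_access_filter holds
# a bare group DN and no access_provider is set at all.
BROKEN_CONF = """
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_group_member = uniquemember
ldap_access_filter = cn=system-users,ou=Groups,l=uk,dc=example,dc=lan
"""

# Corrected form: turn on the LDAP access provider and use a real search
# filter (assumes the server exposes memberOf on user entries).
FIXED_CONF = """
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_access_filter = (memberOf=cn=system-users,ou=Groups,l=uk,dc=example,dc=lan)
"""

def looks_like_ldap_filter(value):
    """Structural check only: parenthesised, balanced, with a comparison."""
    v = value.strip()
    if not (v.startswith("(") and v.endswith(")")):
        return False
    depth = 0
    for ch in v:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and "=" in v

def check_domain_access(conf_text):
    """Return findings for each [domain/...] section; empty means consistent."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        d = cp[section]
        filt = d.get("ldap_access_filter")
        if filt is None:
            continue
        # SSSD defaults access_provider to "permit": the filter is then unused.
        if d.get("access_provider", "permit") != "ldap":
            findings.append(f"{section}: ldap_access_filter set but access_provider is not ldap")
        if not looks_like_ldap_filter(filt):
            findings.append(f"{section}: ldap_access_filter is not an LDAP search filter")
    return findings
```

Run check_domain_access on the file's text: the constructed BROKEN_CONF yields both findings, while FIXED_CONF yields none.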
On Tue, Mar 26, 2013 at 10:02 AM, Arpit Tolani arpittolani@gmail.com wrote: