Fedora C1 and C2 on LDAP?

Robert Rakowicz b9009 at rjap.de
Sat Feb 5 14:03:21 UTC 2005


Hi,

(I hope this mail does not arrive a second time)

How do I hook Fedora C1 and C2 up to an existing LDAP? As on Debian
and Gentoo (where everything works), I changed, among other things,
some files in /etc/pam.d

,----[ system-auth ]
| #%PAM-1.0
| # This file is auto-generated.
| # User changes will be destroyed the next time authconfig is run.
| auth 	    sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
| auth        required      /lib/security/$ISA/pam_env.so
| auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
| auth        required      /lib/security/$ISA/pam_deny.so
| 
| account     sufficient    /lib/security/$ISA/pam_ldap.so
| account     required      /lib/security/$ISA/pam_unix.so
| 
| password    sufficient    /lib/security/$ISA/pam_ldap.so nullok md5 shadow use_authtok
| password    required      /lib/security/$ISA/pam_cracklib.so retry=3
| password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
| password    required      /lib/security/$ISA/pam_deny.so
| 
| session     sufficient    /lib/security/$ISA/pam_ldap.so
| session     required      /lib/security/$ISA/pam_limits.so
| session     required      /lib/security/$ISA/pam_unix.so
`----

,----[ login ]
| #%PAM-1.0
| auth       requisite	pam_securetty.so
| auth       requisite	pam_nologin.so
| auth       sufficient   pam_ldap.so
| auth       required	pam_stack.so service=system-auth
| account    required	pam_stack.so service=system-auth
| password   required	pam_stack.so service=system-auth
| session    required	pam_selinux.so multiple
| session    required	pam_stack.so service=system-auth
| session    optional	pam_console.so
`----

,----[ passwd ]
| #%PAM-1.0
| auth       sufficient   pam_ldap.so
| auth       required	pam_stack.so service=system-auth
| account    sufficient   pam_ldap.so
| account    required	pam_stack.so service=system-auth
| password   sufficient   pam_ldap.so
| password   required	pam_stack.so service=system-auth
`----

,----[ su ]
| #%PAM-1.0
| auth       sufficient   /lib/security/$ISA/pam_rootok.so
| auth   	   sufficient	/lib/security/$ISA/pam_ldap.so
| # Uncomment the following line to implicitly trust users in the "wheel" group.
| #auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
| # Uncomment the following line to require a user to be in the "wheel" group.
| #auth       required     /lib/security/$ISA/pam_wheel.so use_uid
| auth       required	/lib/security/$ISA/pam_stack.so service=system-auth
| account    required	/lib/security/$ISA/pam_stack.so service=system-auth
| password   required	/lib/security/$ISA/pam_stack.so service=system-auth
| session    required	/lib/security/$ISA/pam_stack.so service=system-auth
| session	   optional	/lib/security/$ISA/pam_selinux.so multiple
| session    optional	/lib/security/$ISA/pam_xauth.so
`----

Then I also adjusted this file:

,----[ /etc/nsswitch.conf ]
| # /etc/nsswitch.conf
| #
| # Example configuration of GNU Name Service Switch functionality.
| # If you have the `glibc-doc' and `info' packages installed, try:
| # `info libc "Name Service Switch"' for information about this file.
| 
| passwd:         files ldap
| group:          files ldap
| shadow:         files ldap
| 
| hosts:          files dns
| networks:       files dns
| 
| protocols:      db files
| services:       db files
| ethers:         db files
| rpc:            db files
| 
| netmasks:       files ldap
| netgroup:       files ldap
| publickey:      files ldap
| 
| bootparams:     files ldap
| automount:      files ldap
| aliases:        files ldap
`----

When a $User now tries to log in, I see in

,----[ /var/log/messages ]
| Feb  5 12:06:11 a7ud0127 login(pam_unix)[1130]: check pass; user unknown
| Feb  5 12:06:11 a7ud0127 login(pam_unix)[1130]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost=
| Feb  5 12:06:13 a7ud0127 login[1130]: FAILED LOGIN 1 FROM (null) FOR b9004, Authentication failure
`----
and the login fails :(
When I run ls -la /home as root, all users and groups are resolved
correctly. A su - $USER works too. When I then enter id as $USER,
everything is displayed correctly as well.

Have I still forgotten something that perhaps does not exist on Debian
and/or Gentoo?


Pozdrawiam/Gruß/Regards
Robert Rakowicz

-- 
Robert Rakowicz
URL: www.rjap.de
E-Mail: b9009 at rjap.de
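
An added example, not part of the original post: a Python check that reads a PAM stack in the format quoted above and reports modules that a successful `sufficient` entry causes PAM to skip, plus `use_first_pass`/`use_authtok` on the first module of a type. The names `parse_stack` and `lint` are hypothetical, the sample is constructed from the system-auth listing, and only one-word control flags are assumed.

```python
# Added example: lint one PAM service file for control-flag ordering.
# SAMPLE is constructed from the post; pam_stack.so includes are not followed.
SAMPLE = """\
#%PAM-1.0
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     sufficient    /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_unix.so
password    sufficient    /lib/security/$ISA/pam_ldap.so nullok md5 shadow use_authtok
password    required      /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
password    required      /lib/security/$ISA/pam_deny.so
session     sufficient    /lib/security/$ISA/pam_ldap.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
"""

def parse_stack(text):
    """Yield (type, control, module basename, args) for every rule line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not parts[0].startswith("#"):
            mtype, control, module, *args = parts
            yield mtype, control, module.rsplit("/", 1)[-1], args

def lint(text):
    """Return findings as (type, issue, module, affected modules)."""
    by_type, findings = {}, []
    for rule in parse_stack(text):
        by_type.setdefault(rule[0], []).append(rule)
    for mtype, rules in by_type.items():
        # Reusing a stored password needs an earlier module to have set one.
        _, _, module, args = rules[0]
        for opt in ("use_first_pass", "use_authtok"):
            if opt in args:
                findings.append((mtype, opt, module, []))
        # A succeeding "sufficient" module ends the stack at once; the usual
        # trailing pam_deny.so fallback is not reported.
        for i, (_, control, module, _) in enumerate(rules):
            skipped = [m for _, c, m, _ in rules[i + 1:]
                       if c in ("required", "requisite") and m != "pam_deny.so"]
            if control == "sufficient" and skipped:
                findings.append((mtype, "skips", module, skipped))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Run on the sample, it reports that a successful pam_ldap.so ends the password stack before pam_cracklib.so and the session stack before pam_limits.so.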



