I have written the below, if it is helpful/correct by all means place it on FDS wiki. Debian client setup Important notes There would seem to be at least 2 places (if not three) containing information for ldap. In order to make Debian 4 work I have deleted 2 and sym linked. It is possible on patching Debian that these files maybe restored and LDAP authentication will no longer work. There may well be an official method to setup Debian but I have not been able to locate one via Google. Ldap client setup (command line method) Move to the ldap directory and backup the ldap.conf file. cd /etc/ldap/ ; cp ldap.conf orig-ldap.conf add/edit /etc/ldap/ldap.conf, =========== # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. host xxxx.195.87.249 base dc=xxxx,dc=ac,dc=nz ssl no TLS_CACERTDIR /etc/openldap/cacerts pam_password exop #pam_password md5 HOST xxx.195.87.249 BASE dc=xxxx,dc=ac,dc=nz =========== cd /etc/ and back up pam_ldap.conf cp /etc/pam_ldap.conf /etc/orig-pam_ldap.conf and delete this file and link it to /etc/ldap/ldap.conf ln -s /etc/ldap/ldap.conf /etc/pam_ldap.conf cd /usr/share/libpam-ldap/ ; mv ldap.conf orig-ldap.conf ln -s /etc/ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf At this point the ldapsearch tool and pam should be querying the LDAP server and this will show up in the access log. ssh We will start with using ssh vi LDAP, cd /etc/ssh and more sshd_config and make sure, "UsePAM yes" is present, if not add it (should be there by default). cd /etc/pam.d/ to set up the ssh file for pam. Add in these lines at the beginning of the file, #allow ldap auth sufficient pam_ldap.so account sufficient pam_ldap.so session sufficient pam_ldap.so password sufficient pam_ldap.so restart ssh with /etc/init.d/ssh restart ssh logins should now work OK. regards Steven
