RE: PAM + LDAP auth without local accounts ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I got the solution.

--
OSS consultant
Centre des Technologies de l'Information
Etat de Genève
82 rue des Acacias
1227 Carouge (GE)
Tél. +41-22-325 11 62

> I have Linux stations using Novell NDS / eDirectory for 
> authentification.
> Works fine so far if I have local accounts in /etc/passwd (password
> desactivited in /etc/shadow).
> What is the necessary config for logging *without* a local account in
> /etc/passwd?

> /etc/ldap.conf

I added the uNIXHomeDirectory attribute in eDirectory and in /etc/ldap.conf:

nss_map_attribute homeDirecory uNIXHomeDirectory

> ===========================
> /etc/pam.d/login
> 
> session  	required    pam_limits.so
> 
> session   	required  	pam_mount.so use_first_pass
> auth      	required  	pam_mount.so use_first_pass

This should be:

session  optional       pam_mkhomedir.so    skel=/etc/skel umask=0022
session   optional      pam_mount.so use_first_pass
auth      optional      pam_mount.so use_first_pass

> ===============
> /etc/security/pam_mount.conf

> volume * ncp novell_name_of_server usr/cti/& /home/& \
> 	ipserver=unix_name_of_server,user=&.novell_context,uid=&,gid=users -
-

To allow symlinks, this should be:

volume * ncp novell_name_of_server usr/cti/& /home/& \
	
ipserver=unix_name_of_server,user=&.novell_context,uid=&,gid=users,strong,sy
mlinks,nfsextras - -

Yann


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux