FC5 LDAP Authentication Problem[Scanned]
Chris Bradford
chrisbradford at cambridge-news.co.uk
Tue Apr 25 14:56:28 UTC 2006
Mark,
That'd be excellent.
Did you use authconfig --enableldap to configure the systems for single sign on? Or did you edit the pam config files directly?
The ldap.conf is certainly a good place to start troubleshooting this.
Thanks,
Chris Bradford
Systems Administrator
Cambridge Newspapers
-----Original Message-----
From: fedora-list-bounces at redhat.com on behalf of Mark Haney
Sent: Tue 4/25/2006 3:07 PM
To: For users of Fedora Core releases
Subject: Re: FC5 LDAP Authentication Problem[Scanned]
I have 3 FC5 boxes tied to Server 2003 AD. Most were upgrades from FC2
they work beautifully. I'll be glad to send over my ldap.conf file if
you like.
Chris Bradford wrote:
> Hi all,
> Has anyone managed to get FC5 working with Windows Server 2003 Active
> Directory?
> I had my FC4 boxes working fine, but the FC5 boxes will not accept any
> LDAP user names.
> My current setup is:
> ################################# /etc/pam.d/login
> ##########################
> #%PAM-1.0
> ######### Initial Login Prompt #########
>
> auth required pam_securetty.so
> auth required pam_nologin.so
>
> ######## Authorise User and Obtain Krb Ticket ######
>
> auth required pam_mount.so
> auth optional pam_krb5.so use_first_pass
> auth sufficient pam_ldap.so use_first_pass
> auth required pam_unix.so use_first_pass
> # auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
>
> ######## Fetch User Information ########
>
> account required pam_access.so
> account sufficient pam_ldap.so use-first_pass
> account required pam_unix.so use_first_pass
> account required pam_nologin.so
> # account required pam_stack.so service=system-auth
>
> ######## Password Management ########
>
> password required pam_cracklib.so
> password required pam_unix.so shadow md5 use_authtok
> password sufficient pam_ldap.so use_authtok
> password required pam_mount.so use_authtok shadow md5
>
> # password required pam_stack.so service=system-auth
>
> ######### Sesssion ########
>
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel umask=0077
> session optional pam_mount.so shadow md5 use_authtok
>
> # pam_selinux.so close should be the first session rule
>
> session required pam_selinux.so close
>
> #session required pam_stack.so service=system-auth
> #session optional pam_console.so
>
> # pam_selinux.so open should be the last session rule
>
> session required pam_selinux.so multiple open
>
> ##########################################################
>
>
> #################### /etc/pam.d/gdm ######################
>
> #%PAM-1.0
> auth required pam_env.so
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> auth required pam_mount.so use_first_pass
> auth sufficient pam_ldap.so use_first_pass
> auth optional pam_krb5.so use_first_pass
> account required pam_stack.so service=system-auth
> account sufficient pam_ldap.so use_first_pass
> password required pam_stack.so service=system-auth
> password sufficient pam_ldap.so use_first_pass
> session required pam_stack.so service=system-auth
> session optional pam_console.so
> session required pam_mkhomedir.so skel=/etc/skel umask=0077
> session optional pam_mount.so use_first_pass
> session sufficient pam_ldap.so use_first_pass
> session optional pam_group.so
>
> #########################################################
> Can anyone see where I am going wrong?
> Many thanks,
> Chris Bradford
> Systems Administrator
> Cambridge Newspapers
>
>
> This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com
>
>
--
Interdum feror cupidine partium magnarum Europae vincendarum
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 4153 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060425/4ae5c223/attachment-0001.bin>
More information about the fedora-list
mailing list