[PLUG] Debian and LDAP auth
Jack
jack at bonyari.com
Mon Apr 18 14:58:24 UTC 2005
Paul Heinlein wrote:
> I'm trying to migrate my home network to authenticate against an LDAP
> server. My CentOS box doesn't have any trouble.
>
> My Debian host, however, is hit-and-miss. Some things -- like "getent
> passwd," logging in using an SSH public key, and various stat()
> operations -- work as they should. Others, notably password checking,
> don't.
>
> For now, I've had to recreate the local /etc/{passwd,shadow} entries
> so that people can log in with passwords.
>
> I've Googled various sites, tried umpteen combinations of edits to
> /etc/libnss-ldap.conf and the various /etc/pam.d/common-* files, and
> even rebooted just for kicks -- nothing worked.
>
> The Debian client seems to be asking the right questions of the LDAP
> server (openldap 2.1.30, hosted on a Gentoo box):
>
> Apr 17 20:27:42 xxx slapd[29383]: conn=80 op=4 SRCH
> base="ou=accounts,dc=xxx,dc=xxx" scope=2
> filter="(&(objectClass=shadowAccount)(uid=heinlein))"
>
> Apr 17 20:27:42 xxx slapd[29383]: conn=80 op=4 SRCH attr=uid
> userPassword shadowLastChange shadowMax shadowMin shadowWarning
> shadowInactive shadowExpire shadowFlag
>
> Apr 17 20:27:42 irvine slapd[29383]: conn=80 op=4 SEARCH RESULT
> tag=101 err=0 nentries=1 text=
>
> The passwords are stored in SSHA format in the userPassword field.
> Anyone got a clue stick they can aim at my head? :-)
>
This might be helpful...
http://forums.gentoo.org/viewtopic-t-321685-highlight-ldap.html
Otherwise, you might poke around the Gentoo Forums.
--
Jack Morgan