[PLUG] Debian and LDAP auth

Jack jack at bonyari.com
Mon Apr 18 14:58:24 UTC 2005


Paul Heinlein wrote:

> I'm trying to migrate my home network to authenticate against an LDAP 
> server. My CentOS box doesn't have any trouble.
>
> My Debian host, however, is hit-and-miss. Some things -- like "getent 
> passwd," logging in using an SSH public key, and various stat() 
> operations -- work as they should. Others, notably password checking, 
> don't.
>
> For now, I've had to recreate the local /etc/{passwd,shadow} entries
> so that people can log in with passwords.
>
> I've Googled various sites, tried umpteen combinations of edits to 
> /etc/libnss-ldap.conf and the various /etc/pam.d/common-* files, and 
> even rebooted just for kicks -- nothing worked.
>
> The Debian client seems to be asking the right questions of the LDAP 
> server (openldap 2.1.30, hosted on a Gentoo box):
>
>   Apr 17 20:27:42 xxx slapd[29383]: conn=80 op=4 SRCH
>   base="ou=accounts,dc=xxx,dc=xxx" scope=2
>   filter="(&(objectClass=shadowAccount)(uid=heinlein))"
>
>   Apr 17 20:27:42 xxx slapd[29383]: conn=80 op=4 SRCH attr=uid
>   userPassword shadowLastChange shadowMax shadowMin shadowWarning
>   shadowInactive shadowExpire shadowFlag
>
>   Apr 17 20:27:42 irvine slapd[29383]: conn=80 op=4 SEARCH RESULT
>   tag=101 err=0 nentries=1 text=
>
> The passwords are stored in SSHA format in the userPassword field. 
> Anyone got a clue stick they can aim at my head? :-)
>

This might be helpful... 
http://forums.gentoo.org/viewtopic-t-321685-highlight-ldap.html
Otherwise, you might poke around the Gentoo Forums.

--
Jack Morgan



