[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SuSE 8.0 Linux as OpenLDAP client

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: SuSE 8.0 Linux as OpenLDAP client
From: Andreas Heilwagen <andreas.heilwagen@jamba.net>
Date: Wed, 14 May 2003 09:38:24 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <m38ytaour7.fsf@marin.l4b.de>
Organization: Jamba! AG
References: <3EC1E6D7.1030603@jamba.net> <m38ytaour7.fsf@marin.l4b.de>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312

First, my problem was the nscd daemon on SuSE 8.0.

Second, here are the different login PAM configs FYI

DEBIAN 3.0: auth requisite pam_securetty.so auth requisite pam_nologin.so auth sufficient /lib/security/pam_ldap.so auth required pam_env.so auth required pam_unix.so nullok try_first_pass account sufficient /lib/security/pam_ldap.so account required pam_unix.so session required pam_unix.so session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard noenv password sufficient /lib/security/pam_ldap.so password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass


SUSE 8.0:
auth     requisite      pam_unix.so             nullok #set_secrpc
auth     required       pam_securetty.so
auth     required       pam_nologin.so
auth     sufficient     pam_ldap.so             debug
#auth    required       pam_homecheck.so
auth     required       pam_env.so
auth     required       pam_mail.so
account  sufficient     pam_ldap.so             debug
account  required       pam_unix.so
password required       pam_pwcheck.so          nullok
password required       pam_ldap.so       use_first_pass use_authok debug
password required       pam_unix2.so       nullok use_first_pass use_authtok
session  required       pam_unix.so             none # debug or trace
session  required       pam_limits.so

Please don't ask me for a full interpretation since I just begin to understand the details of the PAM configuration ,)


Andreas

Dieter Kluenter wrote:

Hi,

Andreas Heilwagen <andreas.heilwagen@jamba.net> writes:

Hi,

obviously SuSE seems to have hacked unix configuration files
again. The libnsswitch-ldap.conf and /etc/ldap.conf seem to have been
merged into
/etc/openldap/ldap.conf. Furthermore the PAM configuration files look
a lot different.

I can't tell about ldap.conf, but what do you think is different on
pam configuration?

Currently I can use the login and su PAM modules on my debian openldap
server box without problems, but I cannot get the SuSE 8.0 running as
client.


[...]

do not even access ldap. I would be very happy if somebody could tell
me if only nsswitch or pam is possibly broken. Furthmore it would be a
great help if sbd would have some working SuSE config files at hand
for comparison. I found no config files for a SuSE client using a
server with Turbo's LDAPv3 setup (including Kerberos, SSL and GSSAPI).

I run several SuSE Versions from 7.3 to 8.1 but admittedly with
OpenLDAP-2.1.17 and 2.1.19 but with pam modules as suse rpm's and it
works fine for me. Just let me know what you would like to know.

-Dieter

Follow-Ups:
- Re: SuSE 8.0 Linux as OpenLDAP client
  - From: Christian Jung <Christian.Jung@wanadoo.fr>

References:
- SuSE 8.0 Linux as OpenLDAP client
  - From: Andreas Heilwagen <andreas.heilwagen@jamba.net>
- Re: SuSE 8.0 Linux as OpenLDAP client
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: SuSE 8.0 Linux as OpenLDAP client
Next by Date: Re: How to setl the timeout for ldap_simple_bind_s()
Index(es):
- Chronological
- Thread