Questions tagged [pam-ldap]

75 questions
66 votes, 3 answers

How to test a LDAP connection from a client

How do I check the LDAP connection from a client to a server? I'm working on LDAP authentication and this client desktop needs to authenticate via an LDAP server. I can SSH to the LDAP server using an LDAP user, but when at the desktop login prompt, I can't…
FELDAP
9 votes, 2 answers

Does Linux keep a cache of group members if on LDAP? (Difference between groups vs getent group)

Our users and groups LDAP configuration is working. Our server is using LDAP to store users and groups. # /etc/nsswitch.conf : passwd: compat ldap group: compat ldap shadow: compat ldap But today we added a new group in…
db_ch
9 votes, 1 answer

What is nsswitch compat mode?

Red Hat recommended me compat mode in /etc/nsswitch.conf as one of the options to enumerate LDAP users, but later said that it's not a much-used method. nsswitch.conf passwd: files compat passwd_compat: ldap in passwd file, add +@netgroup. What is…
ujjain
7 votes, 3 answers

PAM_LDAP Authentication failure with correct credentials on FreeBSD

I need to get our FreeBSD servers to auth via AD, but it is giving me problems. Environment: AD backend (Win 2k8r2). This works with other Linux hosts which auth via SSSD. FreeBSD 9.1 for client servers. I have configured everything I can think of,…
floodpants
6 votes, 0 answers

Write arbitrary attribute into ENV from LDAP upon successful PAM authentication

Is it possible during the authentication phase of pam_ldap to map an arbitrary LDAP attribute of the user's record into the resulting user's environment? The specifics of my situation, in case you see another approach to the problem, are that I've…
James Maroney
6 votes, 2 answers

Unable to login via PAM and ldap: failed to get password

I'm trying to have OpenVPN authenticate users via PAM over LDAP to an Active Directory server. Here are the relevant parts of my configuration files: /etc/openvpn/server.conf: # ... plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so…
Naftuli Kay
6 votes, 3 answers

How come all LDAP users are shown with getent passwd?

We are using an LDAP server with both Solaris and RHEL servers and planning to migrate more servers over to RHEL. However we have an issue with LDAP on all Red Hat servers. When I type "getent passwd", all users on the entire LDAP Server are shown,…
ujjain
5 votes, 2 answers

RHEL 6.5 web application PAM AUTH pam_oddjob_mkhomedir

I've got a RHEL 6.5 that authenticates against an AD server, that side is working fine. The machine is also running a web application that uses a PAM module to authenticate. I copied login to make a pam module for use by the web app. (rstudio-server)…
Frank Hauptle
4 votes, 5 answers

Managing LDAP logins to a machine without pam_groupdn: multiple groups allowed

I'm sure that some of you have dealt with this same problem. I'm hoping that someone has a better answer than what I'm doing now. So, you've got some users in an LDAP directory, and one day you say "hey! I can authenticate against this thing for…
Bill Weiss
3 votes, 1 answer

Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)

What I did: Installed libpam-ldapd Set up /etc/ldap/ldap.conf Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP). Set up /etc/nsswitch.conf: passwd, sudo and shadow now…
Amadan
3 votes, 1 answer

getent and ldapsearch results are inconsistent concerning the loginShell

I have a test that creates a user in LDAP with /bin/bash and I then modify the LDAP attributes to /bin/noshell, but the results from getent and ldapsearch are inconsistent for the shell. This user does not exist in /etc/passwd. When I do a ‘getent…
usa ims
3 votes, 2 answers

openldap authentication ssh

I'm trying to set up, on an OpenLDAP server running on Debian 6, the SSH authentication on an ldap-client host named ldap_client. Here is what ldapsearch returns on server: dn: dc=localnet,dc=lan objectClass: dcObject objectClass: organization dc:…
philippe
2 votes, 1 answer

LDAP Remote Login Logs

How would I log who authenticated against my ldap system on Linux in my lab? I have a lab with several workstations, and one server running openldap. I would like to have similar functionality as with the last command with who, when, and where. The…
HSchmale
2 votes, 0 answers

LDAP Not working for SSH connections on Ubuntu 12.04

Connecting from the client to the server: $ ssh -vvv user@10.0.50.170 OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line…
sclarson
2 votes, 0 answers

Set Linux GID based on LDAP OU in ldap.conf

In our company we have a given LDAP Server, which represents the Users of our Windows Active Directory. Unfortunately the gidNumber sent to the LDAP client is always containing the Value "1001" for every user of the Directory. The LDAP-Server…
rimshot