Есть ldap server, где заведены учетки.
Есть сервер c ldap client, при подключении к нему по ssh он должен лезть на ldap server, авторизоваться и пустить меня в консоль.
Помогите настроить!
Устанавливал
apt-get install libnss-ldap libpam-ldap nscd
/etc/ldap/ldap.conf
host ip
binddn cn=adm,dc=example,dc=ru
bindpw passwd
rootbinddn cn=adm,dc=example,dc=ru
pam_login_attribute uid
pam_min_uid 10000
pam_max_uid 65530
pam_password exop
nss_base_passwd dc=example,dc=ru
nss_base_shadow dc=example,dc=ru
nss_base_group dc=example,dc=ru
bind_policy soft
nss_reconnect_tries 3
nss_reconnect_sleeptime 1
nss_reconnect_maxconntries 3
BASE dc=example,dc=ru
URI ldap://ip/etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
/etc/pam.d/common-auth:
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
/etc/pam.d/common-account:
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
account requisite pam_deny.so
account required pam_permit.so
/etc/pam.d/common-password:
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
/etc/pam.d/common-session
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
session required pam_mkhomedir.so
/etc/pam.d/common-session-noninteractive
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
Тема: ssh + ldap client (Прочитано 921 раз)
