Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [pam-ldap]

80 questions
2
votes
1 answer

Mapping User and Group Ownership through LDAP

I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved…
Wes Modes
  • 151
  • 1
  • 1
  • 8
2
votes
1 answer

Do I need both nss_ldap and pam_ldap?

This seems like a dumb question, but... do I need both nss_ldap and pam_ldap to have my users in LDAP? It seems to me that pam_ldap would take care of pointing everything at the LDAP server as needed, and I don't know what nss_ldap adds for me.
Bill Weiss
  • 10,979
  • 3
  • 38
  • 66
2
votes
0 answers

afpd[]: PAM audit_log_acct_message() failed: Operation not permitted

Im trying to debug this error in the /var/log/auth but I dont know where to look at. Jul 27 06:44:30 server afpd[6463]: PAM audit_log_acct_message() failed: Operation not permitted The syslog seems fine: Jul 27 06:43:39 server afpd[6463]: AFP3.3…
OscarCy
  • 33
  • 4
1
vote
1 answer

openldap with haproxy - (ldap_result() failed: Can't contact LDAP server)

I'm having an issue with openldap proxied via haproxy. The authentication works perfectly fine on CentOS (7.5.1804) and Debian (9.4). The only problem is that I'm getting errors in syslog and authlog: CentOS: nslcd[10082]: [9f6e5f] ldap_result()…
Mik
  • 23
  • 1
  • 5
1
vote
0 answers

SSH and LDAP auth with groups

I have SSH/LDAP working just fine with public keys and all on an AWS Linux instance. I'm using nss-pam-ldapd and pam_ldap. But when I set /etc/pam_ldap.conf as follows to restrict login to a LDAP group: pam_groupdn…
JohnA
  • 586
  • 3
  • 13
1
vote
1 answer

Suppress weird "authentication failure" log while using pam_ldap with ssh on CentOS 7

We have successfully setup ssh daemon with LDAP authentication on CentOS 7. But there are weird log messages in /var/log/secure even the user successfully login ( first line ) : Dec 5 08:28:13 HOSTNAME.SERVER sshd[11195]: pam_unix(sshd:auth):…
Joe Horn
  • 152
  • 8
1
vote
1 answer

CentOS 7 LDAP Authentication: "Permission denied"

I'm running a CentOS 7 VirtualBox instance. I am trying to set up LDAP authentication through our company Active Directory server. Note: The AD server DOES NOT have Unix extensions installed. Setup: I have nss-pam-ldapd installed The nslcd and nscd…
Richard Wymarc
  • 19
  • 1
  • 2
  • 6
1
vote
1 answer

Active Directory (LDAP) and pam using kerberos instead of bindpw or anonymous access

I have a system that currently uses an LDAP/AD server for authentication via pam and the pam_ldap module. In order to use this server for authentication pam_ldap requires an account which exposes the data on LDAP to me. The account data is normally…
spedl
  • 11
  • 3
1
vote
1 answer

Automatically create home directory on NFS after LDAP login

My current situation is that I can successfully authenticate using ldap and pam, I also succeeded to use pam_mkdir to autocreate home directories in the /home filesystem. What now I'm trying to achieve is to autocreate the same home directories…
rdbisme
  • 184
  • 1
  • 3
  • 9
1
vote
1 answer

LDAP - how to use attribute from objectclass:account and objectclass:inetOrgPerson?

I have an openLDAP which I use for authenticating users to various servers, where each user can have access to a varying number of hosts. I am solving that requirement by using the "host" attribute, and a filter in the PAM config of the machines…
Rudolf Mayer
  • 111
  • 5
1
vote
0 answers

PAM - Ignore local user, if LDAP-connection works

I have configured some SLED10SP1 (not allowed to update) machines to use LDAP for user authentication. Because SLED10 doesn't have official packages for pam_ccreds or sssd, I have to find a way to make offline login possible some other way. The work…
Nipsu
  • 11
  • 1
1
vote
1 answer

migrate debian 8 user (SHA512 encrypted with $6 tag) to LDAP

I have a problem with migrating local user from debian 8 to LDAP. As you know debian 6 and above use SHA512 as standard user password encryption. in the shadow file it shows the password with "$6" tag at the start. I use the recommended migrate tool…
J_LDAP
  • 608
  • 1
  • 6
  • 11
1
vote
0 answers

The differences between libpam-ldap and libpam-ldapd, included packages and modules?

May I ask what's the differences between libpam-ldap and libpam-ldapd when it comes to included packages and modules? As i understand is nss-pam-ldapd the project of libpam-ldapd, which is an improvement of nss_ldap. So, is nss_ldap the same as…
Nazlo
  • 11
  • 1
1
vote
0 answers

vlock/pam_ldap based authentications fails when adding TLS/SSL

I have working centralized authentication configuration setup on Debian Wheezy based servers, utilizing OpenLDAP (2.4.31), pam_ldap (184-8), and libnss-ldap (264-2). I have successfully configured both SSL and TLS methods to encrypt the LDAP traffic…
Corvar
  • 91
  • 9
1
vote
0 answers

LDAP: forced to change root password on every login

I have finally configured my new server as LDAP-client of my existing one. Now, every time I login as root, I am prompted to change my 'LDAP password': login as: root root@111.111.111.111's password: You are required to change your LDAP password…
Peter Brennan
  • 591
  • 5
  • 12
1
2
3 4 5 6