I was following the thread on using LDAP to handle authentication of clients, and I am having a lot of trouble getting things to work.

First, I created a new testing account:

    # adduser testing

Second, I downloaded the conversion tools, turned off shadow passwords, and updated my LDAP database. Using ldapsearch, I verified that all the accounts had been transferred over.

I then downloaded the pam_ldap modules, and changed /etc/pam.d/other to:

    auth sufficient pam_ldap.so
    auth required pam_unix_auth.so try_first_pass
    account required pam_unix_acct.so
    password required pam_unix_passwd.so shadow
    session required pam_unix_session.so

Note: there is not an /etc/pam.d/login file.

I also changed the /etc/pam_ldap.conf so that it had the correct search base, and also used LDAP v 3.

Then I deleted the test account from /etc/password, /etc/shadow etc. But I was not able to log in with the test account. Have I left out some steps? Do I need some special PAMified getty or something?

I also decided to try and see if PAM was working at all, so I copied /etc/pam.d/other to /etc/pam.d/login, and changed the file to read:

    auth required pam_deny.so
    account required pam_unix_acct.so
    password required pam_unix_passwd.so shadow
    session required pam_unix_session.so

But even with PAM deny as the first module, I still was able to log in. Why is that? Do you know of any docs that I have missed?

TIA,
Bill Van Devender
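
Added illustration, not part of the original message: a simplified model of the Linux-PAM control flags, applied to the auth lines of the two files quoted above. The module outcomes passed to it are constructed inputs, module arguments such as try_first_pass are ignored, and only required, requisite, sufficient and optional are modelled.

```python
# Added example: simplified Linux-PAM control-flag model (module args ignored).

OTHER = """\
auth sufficient pam_ldap.so
auth required pam_unix_auth.so try_first_pass
account required pam_unix_acct.so
password required pam_unix_passwd.so shadow
session required pam_unix_session.so
"""

LOGIN = """\
auth required pam_deny.so
account required pam_unix_acct.so
password required pam_unix_passwd.so shadow
session required pam_unix_session.so
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module)] for one facility of a pam.d service file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """True if the stack succeeds; outcomes maps module -> bool (constructed)."""
    required_failed = False
    succeeded = False
    for control, module in stack:
        ok = module != "pam_deny.so" and outcomes.get(module, False)
        if control == "sufficient":
            if ok and not required_failed:
                return True           # later modules are not consulted
            # a failing sufficient module is ignored
        elif control in ("required", "requisite"):
            if not ok and control == "requisite":
                return False          # requisite fails immediately
            succeeded = succeeded or ok
            required_failed = required_failed or not ok
        elif control == "optional":
            succeeded = succeeded or ok
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return succeeded and not required_failed

if __name__ == "__main__":
    for o in ({"pam_ldap.so": True}, {"pam_unix_auth.so": True}, {}):
        print(o, evaluate(parse_stack(OTHER), o), evaluate(parse_stack(LOGIN), o))
```

The pam_deny.so stack fails for every input, so a program that actually evaluates /etc/pam.d/login through PAM cannot authenticate anyone with that file in place.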