Hey Guixers! I'm trying to set up a machine where AD users can log in without the machine being joined to the domain.
I came up with the configuration here: https://pastebin.pl/view/a7d13796

LDAP seems to connect fine and actually finds my test user; however, the login daemon disagrees:

    login[1496]: User not known to the underlying authentication module

Looking at /etc/pam.d/login:

    account sufficient /gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
    account required pam_unix.so
    auth sufficient /gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
    auth required pam_unix.so nullok
    password required pam_unix.so sha512 shadow
    session required /gnu/store/lq8kisg6g9fif780mn20n7gaknpzm1dq-elogind-252.9/lib/security/pam_elogind.so
    session sufficient /gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
    session optional pam_motd.so motd=/gnu/store/mrk0km6gqw4zn20az2bqidvajps7yy93-motd
    session required pam_loginuid.so
    session required pam_env.so
    session required pam_unix.so

I do notice password does not check LDAP.

Does anyone have a working configuration I can look at?

Thanks,
Razvan