配置环境:
server: centos 5.6
client: fedora 15
遇到的问题:
在 client 上可以用 su user 或 su - user 切换到 LDAP 用户；
而且在 client 上用 ldapsearch -x -LLL（未指定 -D，即匿名简单绑定）也能查到 LDAP 信息；
但是无法通过正常的登录方式登录，例如图形登录界面或直接 SSH 登录。
server 端的LDAP配置:(未改动的未贴出)
slapd.conf:
# Server-side slapd.conf excerpt (the poster omitted unchanged directives).
database bdb
suffix "dc=mwhdc,dc=com"
# rootdn bypasses every "access to" ACL; keep it for administration only and
# never use it as the bind DN configured on clients.
rootdn "cn=Manager,dc=mwhdc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw 123456
# NOTE(review): the commented-out line above looks like a previous rootpw
# value. If "123456" was ever live, or if the SSHA hash below is the real one,
# treat the rootdn credential as disclosed and regenerate it with slappasswd --
# a salted hash is still a secret and should not be pasted into a public post.
rootpw {SSHA}Tdh3fwWO0X68E7H8Zwb4N+9bjMhNcBuK
# NOTE(review): no "access to" directives are shown here. The client could run
# "ldapsearch -x -LLL" without a bind DN, so anonymous read is permitted;
# confirm the ACLs keep userPassword / shadow* attributes readable only by the
# entry owner and by the DN the clients bind as (e.g. "by self write
# by anonymous auth by * none"), otherwise password hashes are world-readable.
pam.d/system-auth:
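#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# Server-side /etc/pam.d/system-auth (CentOS 5.6).
# auth: local passwd/shadow first; only non-system accounts (uid >= 500) fall
# through to LDAP. "nullok" permits empty local passwords -- drop it unless
# that is deliberate.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
# auth sufficient pam_ldap.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
# account: only *system* accounts (uid < 500) may skip the LDAP account check.
# This line previously read "uid >= 500", which returned success for every
# ordinary user before pam_ldap ran, so LDAP-side account restrictions
# (host attribute, shadow expiry, pam_ldap authorization) were never enforced
# on this host. "uid < 500" is what authconfig generates and what the client's
# file uses.
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
# password: cracklib quality check, then update local shadow or LDAP.
# "md5" is a weak hash; later CentOS 5 releases support sha512
# (authconfig --passalgo=sha512 --update).
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok md5
password required pam_deny.so
# session: create the home directory on first login and open the LDAP session.
# pam_mkhomedir is "required" here, so failing to create the directory
# (e.g. an unreachable network home) blocks the login outright.
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=ok default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_ldap.so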
nsswitch.conf
# Server-side /etc/nsswitch.conf: resolve users/groups from local files first,
# then from LDAP. "shadow: files ldap" means the shadow map is fetched from the
# directory, so whatever DN the NSS module binds as must be able to read
# userPassword / shadow* attributes, and those values travel over the LDAP
# connection -- in cleartext unless TLS is enabled on that connection.
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
# The remaining nisplus references are distribution defaults and inert here
# (USENIS=no); they are unrelated to the login problem.
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
# netgroup/automount also come from LDAP. Netgroups (via pam_access) are the
# usual alternative to pam_check_host_attr for host-based access control.
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
sysconfig/authconfig:
# Server-side /etc/sysconfig/authconfig: the switches authconfig reads when it
# regenerates /etc/pam.d/system-auth and /etc/nsswitch.conf. Hand edits to
# those files are lost on the next "authconfig --update".
USEWINBINDAUTH=no
USEKERBEROS=no
USESYSNETAUTH=yes
USEPAMACCESS=no
USEMKHOMEDIR=yes
FORCESMARTCARD=no
USESMBAUTH=no
USESMARTCARD=no
# LDAP is used for both lookups (USELDAP) and password checking (USELDAPAUTH).
# TLS for the LDAP connection (ssl start_tls / ldaps://) is configured in the
# LDAP client config, not in this file -- check that it is actually enabled.
USELDAPAUTH=yes
USEDB=no
USEWINBIND=no
USESHADOW=yes
# md5 is a weak password hash; later CentOS 5 releases support sha512
# (authconfig --passalgo=sha512 --update).
PASSWDALGORITHM=md5
USEPASSWDQC=no
USELDAP=yes
USELOCAUTHORIZE=yes
USEHESIOD=no
USECRACKLIB=yes
USENIS=no
============================================
client 端的LDAP配置:(未改动的未贴出)
openldap/ldap.conf :
# Client-side /etc/openldap/ldap.conf (Fedora 15).
# NOTE(review): ldap:// with no "ssl start_tls" means simple binds and the
# shadow/userPassword data fetched for "shadow: files ldap" cross the network
# in cleartext. Use ldaps:// or add "ssl start_tls" plus "tls_checkpeer yes"
# (TLS_REQCERT demand for libldap). TLS_CACERTDIR below does nothing until TLS
# is actually enabled and a CA certificate is placed in that directory.
URI ldap://172.28.11.54/
BASE dc=mwhdc,dc=com
# pam_check_host_attr makes pam_ldap's *account* stage reject any user whose
# LDAP entry has no "host" attribute matching this client's hostname (or "*").
# That stage runs for SSH and the display manager but is normally bypassed
# when root runs "su" (pam_rootok / pam_succeed_if in /etc/pam.d/su), which
# matches the symptom described in this post. Either add host attributes to
# the user entries or set this to "no".
# NOTE(review): this is a pam_ldap/nss_ldap keyword, not an OpenLDAP-library
# one; on Fedora 15 pam_ldap typically reads /etc/pam_ldap.conf and nslcd reads
# /etc/nslcd.conf, so confirm which file the running modules actually use.
pam_check_host_attr yes
TLS_CACERTDIR /etc/openldap/cacerts
pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# Client-side /etc/pam.d/system-auth (Fedora 15), authconfig's LDAP profile;
# the commented pam_sss lines are the alternative SSSD profile (USESSSD=no).
# auth: local shadow first; accounts with uid < 500 never reach pam_ldap.
# "nullok" permits empty local passwords -- drop it unless that is deliberate.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
# auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
# account: system accounts (uid < 500) skip LDAP; everyone else must pass
# pam_ldap's account check. With "pam_check_host_attr yes" in the LDAP client
# config, this is the line that denies SSH / display-manager logins for users
# whose entry lacks a matching "host" attribute, while "su" run by root usually
# never reaches it (pam_rootok / pam_succeed_if in /etc/pam.d/su).
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
# account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
# password: "md5" is weak and not the Fedora default (sha512); regenerate with
# "authconfig --passalgo=sha512 --update".
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
# password sufficient pam_sss.so use_authtok
password required pam_deny.so
# session: pam_systemd appears to have been commented out; on a systemd release
# that leaves logins without a logind session (no seat/session tracking).
# pam_mkhomedir is "optional" here, so a failure to create the home directory
# does not block the login.
session optional pam_keyinit.so revoke
session required pam_limits.so
# -session optional pam_systemd.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session [success=ok default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
# session optional pam_sss.so
nsswitch.conf:
# Client-side /etc/nsswitch.conf (Fedora 15): local files first, then LDAP.
# "shadow: files ldap" pulls shadow data from the directory, so the DN the NSS
# module binds as must be allowed to read those attributes, and they travel
# over the LDAP connection -- cleartext unless TLS is enabled on it.
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
# Remaining nisplus references are stock defaults (USENIS=no) and inert.
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
# Netgroups from LDAP (via pam_access) are the usual alternative to the
# per-user "host" attribute for host-based access control.
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
sysconfig/authconfig:
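# Client-side /etc/sysconfig/authconfig (Fedora 15): the switches authconfig
# reads when it rewrites /etc/pam.d/system-auth and /etc/nsswitch.conf. Hand
# edits to those files are lost on the next "authconfig --update".
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
# PASSWDALGORITHM must name a hash algorithm (descrypt, bigcrypt, md5, sha256,
# sha512). NOTE(review): this was "yes", which is not an algorithm name.
# sha512 is the Fedora default; existing md5 hashes in /etc/shadow keep
# verifying, and new passwords are stored as sha512 once "authconfig --update"
# regenerates system-auth (which currently still says "md5").
PASSWDALGORITHM=sha512
FORCELEGACY=no
USEFPRINTD=no
USEHESIOD=no
FORCESMARTCARD=no
USEDB=no
# LDAP for both lookups (USELDAP) and authentication (USELDAPAUTH). TLS for
# the LDAP connection is configured in the LDAP client config, not here.
USELDAPAUTH=yes
USELOCAUTHORIZE=yes
USEECRYPTFS=no
USECRACKLIB=yes
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEPASSWDQC=no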
主要配置就这些，不知道问题出在哪里，请各位指点！
（排查提示：su 与 SSH/图形登录走的 PAM 栈不同——root 执行 su 时通常会被 /etc/pam.d/su 里的 pam_rootok / pam_succeed_if 提前放行，基本不会走到 system-auth account 阶段里的 pam_ldap；而 SSH 和登录界面会完整执行 account 阶段。client 的 ldap.conf 里开了 pam_check_host_attr yes，如果 LDAP 用户条目没有与该客户端主机名匹配的 host 属性，pam_ldap 的 account 检查就会拒绝登录，与上面的现象吻合。可先查看 client 的 /var/log/secure，核对用户条目的 host 属性，或临时把该项改成 no 验证；另外请确认该选项所在的文件确实是本机 pam_ldap 读取的那个。）
非常感谢！