The SAMBA-LDAP-PDC Howto
Revision : 1.24

5 Configuring Linux
You need to tell your Linux box to use LDAP (pam_ldap and nss_ldap). Then, you should run
nscd and finish your system LDAP configuration.

5.1 pam_ldap, nss_ldap and nscd

Use 'authconfig' [13] to activate pam_ldap:
• Cache Information
• Use LDAP
• don't select 'Use TLS'
• Server: 127.0.0.1
• Base DN: dc=IDEALX,dc=ORG
• Use Shadow Passwords
• Use MD5 Passwords
• Use LDAP Authentication
• Server : 127.0.0.1
• Base DN: dc=IDEALX,dc=ORG
Cache Information means you're using nscd (man nscd for more info): if you're going to use
pam_ldap and nss_ldap, you should really use it for optimization.
If you don't rely on 'authconfig', you can edit your /etc/pam.d/system-auth by hand, to have
something like the following:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/pam_env.so
    auth        sufficient    /lib/security/pam_unix.so likeauth nullok
    auth        sufficient    /lib/security/pam_ldap.so use_first_pass
    auth        required      /lib/security/pam_deny.so

    account     required      /lib/security/pam_unix.so
    account     sufficient    /lib/security/pam_ldap.so

    password    required      /lib/security/pam_cracklib.so retry=3 type=
    password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
    password    sufficient    /lib/security/pam_ldap.so use_authtok
    password    required      /lib/security/pam_deny.so

    session     required      /lib/security/pam_limits.so
    session     required      /lib/security/pam_unix.so
    session     optional      /lib/security/pam_ldap.so

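How the auth lines of that file behave at login, as an added example that is not part of the howto: the script traces which modules are consulted for a local user, an LDAP-only user and a wrong password. Module results are supplied by hand (pam_env is assumed to succeed, no real PAM module is loaded) and the function names are illustrative.

```python
# Added example (not from the howto): trace the 'auth' stack of system-auth.
# Module outcomes are supplied by the caller; no real PAM modules are loaded.

AUTH_STACK = """\
auth  required    /lib/security/pam_env.so
auth  sufficient  /lib/security/pam_unix.so likeauth nullok
auth  sufficient  /lib/security/pam_ldap.so use_first_pass
auth  required    /lib/security/pam_deny.so
"""

def parse(text, facility="auth"):
    """Return [(control, module, args)] for one facility; comments are skipped."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != facility:
            continue
        stack.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return stack

def evaluate(stack, outcomes):
    """Walk the stack with the classic control flags.

    outcomes: module name -> True (success) / False (failure).
    Returns (granted, modules_called_in_order).
    """
    called, granted, required_failed = [], False, False
    for control, module, _args in stack:
        called.append(module)
        ok = outcomes[module]
        if control == "requisite" and not ok:
            return False, called            # fail immediately
        if control in ("required", "requisite"):
            granted = granted or ok
            required_failed = required_failed or not ok  # keep going, fail at end
        elif control == "sufficient" and ok and not required_failed:
            return True, called             # short-circuit: the rest is skipped
        # a failed 'sufficient' and any 'optional' result are ignored here
    return granted and not required_failed, called

def scenario(unix_ok, ldap_ok):
    # Assumption: pam_env reports success; pam_deny always fails by design.
    outcomes = {"pam_env.so": True, "pam_unix.so": unix_ok,
                "pam_ldap.so": ldap_ok, "pam_deny.so": False}
    return evaluate(parse(AUTH_STACK), outcomes)

if __name__ == "__main__":
    for name, args in [("local user", (True, False)),
                       ("LDAP-only user", (False, True)),
                       ("wrong password", (False, False))]:
        print(name, scenario(*args))
```

The trace shows that a local account never reaches pam_ldap, so local logins keep working when the directory is unreachable, and that a password rejected by both pam_unix and pam_ldap is refused by the final pam_deny line.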
[13] authconfig is a RedHat utility to configure your pam and nss modules
