
LDAP用户登录问题，请教解决方法！！！

发布时间:2011-09-06 17:04:06来源:红联作者:huminhua
配置环境:
server: centos 5.6
client: fedora 15

遇到的问题：
在client可以用 su user 或 su - user 登录
而且在client 用 ldapsearch -x -LLL 也可以查到ldap信息
但是无法正常通过登录方式登录：比如登录界面或SSH直接登录



server 端的LDAP配置：（未改动的未贴出）
slapd.conf:
database bdb
suffix "dc=mwhdc,dc=com"
rootdn "cn=Manager,dc=mwhdc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw 123456
rootpw {SSHA}Tdh3fwWO0X68E7H8Zwb4N+9bjMhNcBuK

pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
# auth sufficient pam_ldap.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid >= 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok md5
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=ok default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_ldap.so

nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files ldap

publickey: nisplus

automount: files ldap
aliases: files nisplus


sysconfig/authconfig：
USEWINBINDAUTH=no
USEKERBEROS=no
USESYSNETAUTH=yes
USEPAMACCESS=no
USEMKHOMEDIR=yes
FORCESMARTCARD=no
USESMBAUTH=no
USESMARTCARD=no
USELDAPAUTH=yes
USEDB=no
USEWINBIND=no
USESHADOW=yes
PASSWDALGORITHM=md5
USEPASSWDQC=no
USELDAP=yes
USELOCAUTHORIZE=yes
USEHESIOD=no
USECRACKLIB=yes
USENIS=no

============================================

client 端的LDAP配置：（未改动的未贴出）
openldap/ldap.conf ：
URI ldap://172.28.11.54/
BASE dc=mwhdc,dc=com
pam_check_host_attr yes

TLS_CACERTDIR /etc/openldap/cacerts


pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
# auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
# account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
# password sufficient pam_sss.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
# -session optional pam_systemd.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session [success=ok default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
# session optional pam_sss.so


nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files ldap

publickey: nisplus

automount: files ldap
aliases: files nisplus


sysconfig/authconfig：
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
PASSWDALGORITHM=yes
FORCELEGACY=no
USEFPRINTD=no
USEHESIOD=no
FORCESMARTCARD=no
USEDB=no
USELDAPAUTH=yes
USELOCAUTHORIZE=yes
USEECRYPTFS=no
USECRACKLIB=yes
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEPASSWDQC=no



主要配置就这些，不知道问题出在哪里，一直很郁闷！！！请教各位了！请各位指点啊~~~！！
非常感谢啊~~~！！！