Questions tagged [pam-ldap]
80 questions
0
votes
0
answers
74
views
Is there any way to speed up nslcd LDAP server failover
TL;DR
Even with 2-second timeouts, nslcd "stalls" logins for 14 seconds before switching over to a secondary LDAP server.
Can I speed this up?
My nslcd config
uid nslcd
gid nslcd
uri ldaps://...
0
votes
0
answers
319
views
Are certificates required for a STARTTLS connection on LDAP
My LDAP server's ldap.conf file
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=coretesting,dc=com
URI ldap://ldap....
0
votes
0
answers
175
views
Is it possible to add memberUid as bind DN
Can we use memberUid for the bind DN string?
Here is my sample ldif file
dn: cn=posixgroup,dc=memtesting,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1001
cn: posixgroup
memberUid: posixuser
...
0
votes
1
answer
234
views
What are all the certificates mandatory to be provided while setting the TLSVerifyClient option to demand
In my case, I had set TLSVerifyClient to demand. I wasn't able to establish a connection while providing TLSCACertificateFile alone.
While setting the TLSVerifyClient option to demand, is it ...
1
vote
1
answer
843
views
Setup SSO : openldap, kerberos, nfs(truenas) :
Currently I am able to setup a SSO NFS setup with openldap ldap server and Truenas NFS server (with LDAP access configured). The ubuntu clients are able to use pam-mount to mount the nfs home shares. ...
0
votes
0
answers
2k
views
nss_ldap failed to bind to LDAP server
I have configured an LDAP client (Ubuntu 20.04) with nss_ldap to connect to the LDAP server and accept users in a specific group. It seems that everything is working fine, the client can access the ldap ...
0
votes
1
answer
880
views
nss-pam-ldapd password authentication doesn't work on CentOS 7 only when using `su`
Context
I have 2 different machines here whose main difference is that one runs CentOS6, the other CentOS7.
Both run the latest distribution-available version of the lib : 0.8.13 for COS7, 0.7.5 for ...
1
vote
1
answer
585
views
Can't understand why libnss-pam-ldapd does not find LDAP library
I am trying to cross-compile libnss-pam-ldapd for an arm architecture. The configure command always gives the following error:
checking for library containing ldap_search_ext... no
checking for ...
1
vote
1
answer
941
views
ldapwhoami works but pam_authenticate fails with the same credentials
I'm testing the pam_ldap implementation with a C++ application. I configured ldap and pam_ldap to authenticate against a OpenLDAP server running in the same host. Created a user for testing, ...
1
vote
1
answer
1k
views
PAM authentication - automatically create user?
I've finally got LDAP auth working on Ubuntu 18.04, however it only works if I first create the local user account (eg john.smith).
If I don't create the account first, it fails to bind to the LDAP ...
2
votes
0
answers
220
views
afpd[]: PAM audit_log_acct_message() failed: Operation not permitted
I'm trying to debug this error in the /var/log/auth but I don't know where to look.
Jul 27 06:44:30 server afpd[6463]: PAM audit_log_acct_message() failed: Operation not permitted
The syslog seems ...
0
votes
1
answer
591
views
Errors log in the auth.log but all working fine
Hi, I have a Linux server (18.04) that acts as a TimeMachine backup server using the netatalk service.
The users are authenticating using the LDAP (/etc/ldap.conf)
The client can connect to the AFP ...
0
votes
1
answer
830
views
libpam-ldap unable to connect to LDAP server over SSL/TLS
I am trying to configure PAM to work with my LDAP server for authentication. To do this I am trying to use libpam-ldap, I decided to use libpam-ldap instead of libpam-ldapd for two reasons. First, ...
0
votes
1
answer
1k
views
NSS query against OpenLDAP server using GSSAPI with proxy authorization
SASL/GSSAPI needs Kerberos authentication against the LDAP server with proxy authorization if using LDAP authentication with nss-pam-ldapd on a Debian Buster operating system. I try to configure this ...
0
votes
2
answers
3k
views
LDAP PAM client error "cannot find name for user ID"
I had ldap authentication working great last night, then today it doesn't seem to work. I can authenticate as a user, but the client can't seem to look up info about the user:
Example logging in as ...
0
votes
1
answer
933
views
Unable to login with ldapuser [closed]
I have configured openldap with back-sql on ubuntu 18.04 but unable to login with ldapusers on client machine (centos 7). I am able to fetch user details using ldapsearch command on client machine but ...
0
votes
1
answer
1k
views
changing password - issue with ldap update
I have set directory 389 and 1 server to be client for testing authentication of users, etc.
For installation of Directory I have used this tutorial:
Install And Configure LDAP Server In CentOS 7
...
0
votes
1
answer
1k
views
nslcd with domain.com and sub.domain.com
I'm trying to set up our Linux server with nslcd within multiple AD domains, example.com and sub.example.com.
The current setup with nslcd is pretty easy and works for the domain example.com:
uid ...
1
vote
1
answer
3k
views
openldap with haproxy - (ldap_result() failed: Can't contact LDAP server)
I'm having an issue with openldap proxied via haproxy. The authentication works perfectly fine on CentOS (7.5.1804) and Debian (9.4). The only problem is that I'm getting errors in syslog and authlog:
...
0
votes
1
answer
374
views
ppolicy not enforced on OpenLDAP Client when using 'passwd'
The issue:
Password Policy is not being enforced when I change the password using the 'passwd' command. It is enforced when I use the 'ldappasswd' command.
But the OpenLDAP password still changes using ...
1
vote
0
answers
4k
views
SSH and LDAP auth with groups
I have SSH/LDAP working just fine with public keys and all on an AWS Linux instance. I'm using nss-pam-ldapd and pam_ldap.
But when I set /etc/pam_ldap.conf as follows to restrict login to a LDAP ...
1
vote
1
answer
2k
views
Suppress weird "authentication failure" log while using pam_ldap with ssh on CentOS 7
We have successfully setup ssh daemon with LDAP authentication on CentOS 7.
But there are weird log messages in /var/log/secure even when the user successfully logs in (first line):
Dec 5 08:28:13 ...
0
votes
1
answer
2k
views
LDAP completely ignores pam_groupdn and pam_filter attribute in ldap.conf
OS: Ubuntu 17.10
I currently installed ldap on an Ubuntu to access a ldap server. I configured nls, pam and ldap like in many tutorials proposed. So it worked but now any ldap user can login to the ...
-2
votes
1
answer
2k
views
Ubuntu LDAP Client: Caching not working
I have an LDAP server, and I want to be able to login on my machines using that LDAP server. This works basically, but when the LDAP server is out of reach (e.g. a laptop is used outside the office) ...
6
votes
0
answers
172
views
Write arbitrary attribute into ENV from LDAP upon successful PAM authentication
Is it possible during the authentication phase of pam_ldap to map an arbitrary LDAP attribute of the user's record into the resulting user's environment?
The specifics of my situation, in case you ...
0
votes
2
answers
4k
views
nss-pam-ldapd ldap group filtering
I'm attempting to setup authentication via ldap for OpenSSH connections on our FreeBSD servers in AWS. The actual ldap server is external to AWS and is accessed over the Internet.
I've run into a ...
0
votes
2
answers
13k
views
CentOS 7 LDAP SSH Error "cannot find name for group ID"
I'm running a CentOS 7 VirtualBox instance. I have LDAP authentication set up through our company Active Directory server.
Note: The AD server DOES NOT have Unix extensions installed.
What I'm ...
1
vote
1
answer
6k
views
CentOS 7 LDAP Authentication: "Permission denied"
I'm running a CentOS 7 VirtualBox instance. I am trying to set up LDAP authentication through our company Active Directory server.
Note: The AD server DOES NOT have Unix extensions installed.
Setup:
...
10
votes
2
answers
24k
views
Does Linux keep a cache of group members if on LDAP? (Difference between groups vs getent group)
Our users and groups LDAP configuration is working.
Our server is using LDAP to store users and groups.
# /etc/nsswitch.conf :
passwd: compat ldap
group: compat ldap
shadow: ...
1
vote
1
answer
819
views
Active Directory (LDAP) and pam using kerberos instead of bindpw or anonymous access
I have a system that currently uses an LDAP/AD server for authentication via pam and the pam_ldap module. In order to use this server for authentication pam_ldap requires an account which exposes the ...
3
votes
1
answer
2k
views
Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)
What I did:
Installed libpam-ldapd
Set up /etc/ldap/ldap.conf
Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP).
Set ...
1
vote
1
answer
5k
views
Automatically create home directory on NFS after LDAP login
My current situation is that I can successfully authenticate using ldap and pam, I also succeeded to use pam_mkdir to autocreate home directories in the /home filesystem.
What now I'm trying to ...
0
votes
1
answer
3k
views
Getting error when Integrating LDAP with Wordpress
I have installed Ldap on Ubuntu 14.04 and wordpress on amazon linux ami.
I'm able to login in ldap console. I have created a user in it.
On wordpress i have installed simpleLDAP plugin.
I don't know ...
0
votes
1
answer
426
views
Numeric User IDs and PAM_LDAP
We are working to configure our Linux servers to use LDAP for Authentication using PAM_LDAP + SSSD. Our LDAP Usernames are based on staff numbers (all numeric starting at 1). This will cause a ...
0
votes
1
answer
709
views
LDAP SSH + PubKey auth Fallback
I have followed this guide here : https://github.com/jirutka/ssh-ldap-pubkey
In order to setup a LDAP server that allows authentication requesting both Password and Public Key in order to login.
Now ...
0
votes
1
answer
90
views
SunLDAP Schema Extensions to support Linux/Unix Authentication + Sudo
We are running SunLDAP (Sun/Oracle Directory server 11), and would like our Linux/Unix machines to authenticate against LDAP and also use LDAP for storing SUDO policies. What Schema Extensions are ...
0
votes
1
answer
413
views
Weird behavior with ldap and getent or repquota
I've observed a weird behavior in my network.
I have my network users stored in OpenLDAP 2.4 which also serves a samba 3.6 Domain.
I have user quotas on my NFS servers and that is where I stumbled ...
0
votes
0
answers
156
views
Centos 6 nss-pam-ldapd delay?
I have configured CentOS with nss-pam-ldapd and it seems to work fine (I can log in with my AD credentials). Except there seems to be a delay of about 20-30 seconds before I can log in.
I also set-up ...
0
votes
1
answer
527
views
pam_mkhomedir + nfs creates nobody:nogroup owned home dirs
This is a strange issue I've been struggling with for some time now.
I have a working ldap and authentication via pam on debian 8.
I have successfully tested pam_mkhomedir and I got a home directory for the ...
2
votes
1
answer
2k
views
LDAP Remote Login Logs
How would I log who authenticated against my ldap system on Linux in my lab? I have a lab with several workstations, and one server running openldap. I would like to have similar functionality as with ...
1
vote
1
answer
2k
views
LDAP - how to use attribute from objectclass:account and objectclass:inetOrgPerson?
I have an openLDAP which I use for authenticating users to various servers, where each user can have access to a varying number of hosts. I am solving that requirement by using the "host" attribute, ...
1
vote
2
answers
4k
views
how to join centos 7 to samba domain?
In my office, we use samba domain + ldap. I have already joined some Windows 7 machines, but now I need to join CentOS 7 to that domain. How can I do that?
Below are steps that I already did:
install nss-...
0
votes
0
answers
64
views
do not allow multiple sessions if user have different IPs
I am running Red Hat Enterprise Linux 6.6 and for authentication we use LDAP authentication. We have running application on a server (doesn't really matter which one it is) and the way application ...
0
votes
1
answer
1k
views
Why I cannot find ldap.conf file when I want to integrate 389-ds and samba on centos 7?
I am working on two servers, a samba server and a 389-ds server. Now I want to integrate them so that samba shares are authenticated via ldap server.
I have followed instructions on http://directory....
6
votes
2
answers
4k
views
Unable to login via PAM and ldap: failed to get password
I'm trying to have OpenVPN authenticate users via PAM over LDAP to an Active Directory server.
Here are the relevant parts of my configuration files:
/etc/openvpn/server.conf:
# ...
plugin /...
0
votes
2
answers
194
views
PAM - LDAP authentication interaction
So far from what I understand it gets given a username/password pair, it then searches the LDAP for the username and tries to log into the LDAP using the distinguished name and the password pair, if ...
1
vote
0
answers
685
views
PAM - Ignore local user, if LDAP-connection works
I have configured some SLED10SP1 (not allowed to update) machines to use LDAP for user authentication. Because SLED10 doesn't have official packages for pam_ccreds or sssd, I have to find a way to ...
1
vote
1
answer
298
views
migrate debian 8 user (SHA512 encrypted with $6 tag) to LDAP
I have a problem with migrating local user from debian 8 to LDAP.
As you know, Debian 6 and above use SHA512 as standard user password encryption. In the shadow file it shows the password with "$6" ...
0
votes
1
answer
2k
views
pam google authenticator can't compute location of secret file
I've installed Google Authentication on all the machines in our system, and while the authentication during login works fine, our machines are producing logs that have this line over and over:
sshd(...
0
votes
2
answers
2k
views
pam_ldap user password changes using rootbinddn on Debian Jessie
When configuring pam_ldap on Debian Jessie, end user password changes are utilizing the rootbinddn, circumventing OpenLDAP's ppolicy overlay. This is allowing end users to change their passwords ...