Message-ID: <3FA6D0B8.4050505@v-lug.vlink.ru>
Date: Tue, 04 Nov 2003 01:03:36 +0300
From: Taras Ablamsky
To: community@altlinux.ru
Subject: Re: [Comm] OpenLDAP
In-Reply-To: <200311031248.45973.dima@academy.cap.ru>

Dmitry Nechaev wrote:

>Folks, could you please tell me how to configure a client for authentication via
>OpenLDAP. I have ALT Linux Master 2.2, and I need users to log in
>through an OpenLDAP server. I have set up the server, but there is something about
>the client I don't quite understand... Please share example configuration files, if possible.
>

t@lcomp2 ~ $ grep "^[^#]" /etc/ldap.conf
host 10.10.4.7
base dc=mf, dc=volsu, dc=ru
uri ldap://10.10.4.7/
pam_login_attribute uid
pam_template_login_attribute uid
pam_template_login nobody
pam_password md5
nss_base_passwd ou=People,dc=mf,dc=volsu,dc=ru?one
nss_base_shadow ou=People,dc=mf,dc=volsu,dc=ru?one
nss_base_group ou=Group,dc=mf,dc=volsu,dc=ru?one
nss_base_hosts ou=Hosts,dc=mf,dc=volsu,dc=ru?one
t@lcomp2 ~ $ grep "^[^#]" /etc/nsswitch.conf
passwd: files ldap nisplus nis
shadow: tcb files ldap nisplus nis
group: files ldap nisplus nis
hosts: files ldap nisplus nis dns
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
t@lcomp2 ~ $ cat /etc/pam.d/system-auth
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_tcb.so shadow fork prefix=$2a$ count=8 nullok use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_tcb.so shadow fork
password required /lib/security/pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb
session required /lib/security/pam_tcb.so
session required /lib/security/pam_limits.so
t@lcomp2 ~ $ cat /etc/pam.d/system-auth-use_first_pass
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_tcb.so shadow fork prefix=$2a$ count=8 nullok use_first_pass
password sufficient /lib/security/pam_ldap.so use_first_pass
password required /lib/security/pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb
t@lcomp2 ~ $

This is all on ALM2.2.

-- 
Taras Ablamsky
Volgograd Linux User Group
http://volgograd.lug.ru/
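
Added example, not part of the original message: pam_ldap authenticates by binding to the directory with the user's password, so with a plain ldap:// URI and no StartTLS that password crosses the network unencrypted. The Python sketch below audits the transport directives of a pam_ldap/nss_ldap ldap.conf. The function names, the hostname ldap.example.org, the CA file path and the hardened variant are constructed for illustration.

```python
# Added example: audit transport settings in a pam_ldap/nss_ldap ldap.conf.
# MESSAGE_CONF repeats the transport-related lines posted above; HARDENED_CONF
# is a constructed variant (hostname and CA path are placeholders).

MESSAGE_CONF = """\
host 10.10.4.7
base dc=mf, dc=volsu, dc=ru
uri ldap://10.10.4.7/
pam_password md5
"""

HARDENED_CONF = """\
uri ldap://ldap.example.org/
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacert.pem
"""

def parse_ldap_conf(text):
    """Return {directive: [values]}; comments and blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0].lower(), []).append(value)
    return conf

def audit_transport(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_ldap_conf(text)
    uris = [u for v in conf.get("uri", []) for u in v.split()]
    if not uris:
        # Only "host" given: plain LDAP unless an "ssl" directive says otherwise.
        uris = ["ldap://" + h for v in conf.get("host", []) for h in v.split()]
    if not uris:
        return ["no uri or host directive"]
    ssl = (conf.get("ssl") or ["no"])[-1].lower()
    checkpeer = (conf.get("tls_checkpeer") or ["unset"])[-1].lower()
    cleartext = [u for u in uris if not u.lower().startswith("ldaps://")]
    if cleartext and ssl not in ("start_tls", "on", "yes"):
        return ["cleartext bind: " + " ".join(cleartext)]
    if checkpeer != "yes":
        return ["TLS without tls_checkpeer yes: server certificate not verified"]
    return []
```
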