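- # awk '! /^$/ && ! /^#/' /etc/ldap.conf
- #
- # nss_ldap / pam_ldap client configuration for the AD domain myit.local.
- # Fixes and review notes:
- #  * nss_base_passwd read "ou=MyOrg,dc=local?sub", a different naming context
- #    from base / nss_base_shadow / nss_base_group, so passwd lookups searched
- #    the wrong tree (consistent with sshd's "invalid user"). Corrected.
- #  * pam_password was set twice (md5, then ad); only "ad" makes sense against
- #    Active Directory, so the md5 line is dropped.
- #  * This file has to be readable by every process that resolves users, so
- #    bindpw is effectively visible to all local users. Use a dedicated
- #    read-only service account with no other rights, and rotate it if it has
- #    ever been shared or pasted (rootbinddn + /etc/ldap.secret only protects
- #    the bind done by root, not the one done by ordinary processes).
- #  * Nothing here verifies the server certificate; see the TLS note below.
- #  * debug 10 is very verbose and belongs to troubleshooting only.
- base OU=MyOrg,DC=myit,DC=local
- uri ldaps://ad.myit.local:636/
- ldap_version 3
- # Service account used for lookups (UPN form, accepted by AD as a bind name).
- binddn ldap@myit.local
- bindpw XXXXX
- pam_lookup_policy yes
- # NSS search bases: all three must name the same subtree as "base".
- nss_base_passwd ou=MyOrg,dc=myit,dc=local?sub
- nss_base_shadow ou=MyOrg,dc=myit,dc=local?sub
- nss_base_group ou=MyOrg,dc=myit,dc=local?sub
- # Map the RFC 2307 classes/attributes nss_ldap expects onto AD's schema.
- nss_map_objectclass posixAccount user
- nss_map_objectclass shadowAccount user
- nss_map_attribute uid sAMAccountName
- nss_map_attribute homeDirectory unixHomeDirectory
- nss_map_attribute shadowLastChange pwdLastSet
- nss_map_objectclass posixGroup group
- nss_map_attribute uniqueMember member
- # PAM: look users up by sAMAccountName and only among "user" objects.
- pam_login_attribute sAMAccountName
- pam_filter objectclass=User
- # Password changes use AD's unicodePwd mechanism, which the DC only accepts
- # over an encrypted (ldaps/TLS) session -- hence "ssl on" below.
- pam_password ad
- nss_map_attribute userPassword authPassword
- # Transport: "ssl on" + ldaps:// encrypts the session, but this file neither
- # pins nor verifies the DC's certificate; whether libldap checks it at all
- # depends on TLS_REQCERT in the system ldap.conf. Without verification, anyone
- # who can spoof ad.myit.local sees the bind password and every user's password.
- # TODO(review): enable peer verification against the AD CA, e.g.
- #   tls_checkpeer yes
- #   tls_cacertfile /etc/ssl/certs/myit-ad-ca.pem
- ssl on
- # Troubleshooting only: disable when done and keep logdir readable by root
- # only, since at this verbosity the log may contain details of every lookup
- # and bind.
- debug 10
- logdir /var/log/ldap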
- # /etc/nsswitch.conf
- #
- # Example configuration of GNU Name Service Switch functionality.
- # If you have the `glibc-doc-reference' and `info' packages installed, try:
- # `info libc "Name Service Switch"' for information about this file.
- #
- # Review notes: user, group and shadow resolution fall through to LDAP
- # (nss_ldap, driven by /etc/ldap.conf) only when the local files do not
- # have the entry. Because files are consulted first, a local account always
- # wins over a directory account with the same name -- keep the two
- # namespaces disjoint. sshd's "invalid user X" means this passwd lookup
- # returned nothing (getpwnam failed before PAM ran), i.e. an NSS/LDAP
- # problem rather than a password problem.
- passwd: files ldap
- group: files ldap
- # NOTE(review): shadow via LDAP presumably requires the bind account to be
- # allowed to read the mapped attributes (pwdLastSet etc.) -- confirm on the DC.
- shadow: files ldap
- gshadow: files
- hosts: files mdns4_minimal [NOTFOUND=return] dns
- networks: files
- protocols: db files
- services: db files
- ethers: db files
- rpc: db files
- # NOTE(review): nothing in this paste sets up NIS; if no ypbind is running,
- # netgroup lookups simply fail. "files" (or "ldap") avoids the surprise.
- netgroup: nis
- #
- # /etc/pam.d/common-auth - authentication settings common to all services
- #
- # This file is included from other service-specific PAM config files,
- # and should contain a list of the authentication modules that define
- # the central authentication scheme for use on the system
- # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
- # traditional Unix authentication mechanisms.
- #
- # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
- # To take advantage of this, it is recommended that you configure any
- # local modules either before or after the default block, and use
- # pam-auth-update to manage selection of other modules. See
- # pam-auth-update(8) for details.
- #
- # Control flow ([success=N] skips the next N lines of the stack):
- #   pam_unix OK  -> skip pam_ldap and pam_deny, land on pam_permit -> success
- #   pam_ldap OK  -> skip pam_deny, land on pam_permit              -> success
- #   both fail    -> pam_deny (requisite) ends the stack            -> failure
- # "default=ignore" means a module *error* (not only a bad password) is also
- # skipped over instead of aborting the stack: with the DC unreachable, local
- # users still pass via pam_unix while LDAP-only users end up at pam_deny.
- # here are the per-package modules (the "Primary" block)
- # nullok_secure: empty passwords are accepted only on ttys listed in
- # /etc/securetty, so not for ssh sessions.
- auth [success=2 default=ignore] pam_unix.so nullok_secure
- # use_first_pass: reuse the password pam_unix already collected, never
- # re-prompt. Every wrong password therefore also costs one simple bind
- # against AD, which an AD lockout policy (if one is set) will count.
- auth [success=1 default=ignore] pam_ldap.so use_first_pass
- # here's the fallback if no module succeeds
- auth requisite pam_deny.so
- # prime the stack with a positive return value if there isn't one already;
- # this avoids us returning an error just because nothing sets a success code
- # since the modules above will each just jump around
- auth required pam_permit.so
- # and here are more per-package modules (the "Additional" block)
- # Uses the just-verified password to unwrap the user's eCryptfs key;
- # optional, so users without an encrypted home are unaffected.
- auth optional pam_ecryptfs.so unwrap
- # end of pam-auth-update config
- # Sanity checks: first bind as the service account, then as the user's own DN.
- # Both succeed, so the directory side and both sets of credentials are fine.
- # (-W prompts for the password instead of -w, which would leave it in argv and
- # shell history.)
- # ldapsearch -H ldaps://ad.myit.local:636 -b 'ou=MyOrg,dc=myit,dc=local' -D ldap@myit.local -W | grep -P 'distinguishedName.*DUFFEZ'
- Enter LDAP Password: (XXXX)
- distinguishedName: CN=Benoit DUFFEZ,OU=MyOrg,DC=myit,DC=local
- # ldapsearch -H ldaps://ad.myit.local:636 -b 'ou=MyOrg,dc=myit,dc=local' -D "CN=Benoit DUFFEZ,OU=MyOrg,DC=myit,DC=local" -W | grep -P 'distinguishedName.*DUFFEZ'
- Enter LDAP Password: (my password)
- distinguishedName: CN=Benoit DUFFEZ,OU=MyOrg,DC=myit,DC=local
- Jun 26 14:28:21 xxx sshd[6925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.177
- Jun 26 14:28:21 xxx sshd[6925]: pam_ldap: error trying to bind as user "CN=Benoit DUFFEZ,OU=MyOrg,DC=myit,DC=local" (Invalid credentials)
- Jun 26 14:28:23 xxx sshd[6925]: Failed password for invalid user bdu from 192.168.5.177 port 48780 ssh2
- LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
- # Reading the log: "invalid user bdu" is sshd reporting that the passwd lookup
- # for bdu failed before PAM ran -- NSS did not resolve the account, which is
- # consistent with the nss_base_passwd entry in /etc/ldap.conf naming a
- # different tree than the other bases. Even a successful LDAP bind would not
- # have logged this user in while sshd considers it invalid, so fix NSS first
- # (getent passwd bdu must work). Separately, pam_ldap did find the DN via
- # sAMAccountName and AD answered data 52e, its code for a wrong password on an
- # existing account (525 would mean "no such user"); re-test the password after
- # the NSS fix, since the interactive ldapsearch bind with the same DN succeeded.