On Fri, 2004-04-23 at 07:15, George Toft wrote:
> Has anyone set up a debian box to use LDAP for authentication?  I tried
> it last night with mixed results:
>  - LDAP is working fine: I can retrieve the entries, and the command
>    getent shows entries from files and ldap.
>  - I can't log in:
>  - I can't change password:
>      # passwd gtoft
>      passwd: Critical error - immediate abort
>      #
>
> I think my problem lies in my PAM configuration.  If anyone has done
> this and wants to share their pam configs, I would be very appreciative.
>
> I have googled for the errors I've been getting and have retrieved 0
> hits consistently :(  This seems to be trivial under RedHat (or so say
> all the web pages I found on the topic).  Debian is another story.

----
RH AS 3 /etc/pam.d/system-auth
#LDAP authentication

# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

HTH
Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
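
Added example, not part of the original post and not Linux-PAM's own code: a simplified Python model of how the auth stack in the system-auth file above combines "required" and "sufficient", showing which modules are consulted for a local account, an LDAP-only account and an unknown account. The scenario names and module outcomes are constructed assumptions, and bracketed controls such as the one on the account line are not modelled.

```python
# Added example: simplified model of PAM control flags (not Linux-PAM's code).
# The auth lines are copied from the system-auth file quoted in the post.
SYSTEM_AUTH = """\
auth required   /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required   /lib/security/$ISA/pam_deny.so
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module_name)] for one facility, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != facility:
            continue  # blank lines, comments, other facilities
        if fields[1] not in ("required", "requisite", "sufficient", "optional"):
            raise ValueError("bracketed control not modelled: " + line)
        name = fields[2].rsplit("/", 1)[-1]
        stack.append((fields[1], name[:-3] if name.endswith(".so") else name))
    return stack

def evaluate(stack, results):
    """results: module name -> "ok" or "fail". Returns (granted, consulted)."""
    required_failed, any_ok, consulted = False, False, []
    for control, name in stack:
        ok = results[name] == "ok"
        consulted.append(name)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted      # stop here, later modules are skipped
            continue                        # a failed "sufficient" is ignored
        if control == "optional":
            continue                        # simplification: no effect on the result
        if ok:
            any_ok = True
        else:
            required_failed = True
            if control == "requisite":
                return False, consulted     # fail immediately
    return any_ok and not required_failed, consulted

# Constructed module outcomes for three kinds of account (hypothetical names).
SCENARIOS = {
    "local":   {"pam_env": "ok", "pam_unix": "ok",   "pam_ldap": "fail", "pam_deny": "fail"},
    "ldap":    {"pam_env": "ok", "pam_unix": "fail", "pam_ldap": "ok",   "pam_deny": "fail"},
    "unknown": {"pam_env": "ok", "pam_unix": "fail", "pam_ldap": "fail", "pam_deny": "fail"},
}
```

In this model the trailing pam_deny line is what turns "no sufficient module accepted the password" into a definite failure, and a local account never reaches pam_ldap at all.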