# Your LDAP server. host ungoliant.eritest.fr # The distinguished name of the search base. base dc=eritest,dc=fr # The search scope. scope sub pam_password ad nss_base_passwd ou=Utilisateurs,dc=eritest,dc=fr?sub nss_base_shadow ou=Utilisateurs,dc=eritest,dc=fr?sub nss_map_objectclass shadowAccount User nss_map_attribute uid sAMAccountName nss_map_attribute cn sAMAccountName pam_login_attribute sAMAccountName pam_filter objectclass=user ssl no ------------------------ ----------------/etc/nsswitch.conf------------------- passwd: files ldap shadow: files ldap group: files ldap hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files ldap rpc: files services: files ldap netgroup: files ldap publickey: nisplus automount: files ldap aliases: files nisplus ------------------------ ---------------etc/pam.d/system-auth auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_localuser.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so --------------------------------- many thanks. Guillaume