Mark, That'd be excellent. Did you use authconfig --enableldap to configure the systems for single sign on? Or did you edit the pam config files directly? The ldap.conf is certainly a good place to start troubleshooting this. Thanks, Chris Bradford Systems Administrator Cambridge Newspapers -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx on behalf of Mark Haney Sent: Tue 4/25/2006 3:07 PM To: For users of Fedora Core releases Subject: Re: FC5 LDAP Authentication Problem[Scanned] I have 3 FC5 boxes tied to Server 2003 AD. Most were upgrades from FC2 they work beautifully. I'll be glad to send over my ldap.conf file if you like. Chris Bradford wrote: > Hi all, > Has anyone managed to get FC5 working with Windows Server 2003 Active > Directory? > I had my FC4 boxes working fine, but the FC5 boxes will not accept any > LDAP user names. > My current setup is: > ################################# /etc/pam.d/login > ########################## > #%PAM-1.0 > ######### Initial Login Prompt ######### > > auth required pam_securetty.so > auth required pam_nologin.so > > ######## Authorise User and Obtain Krb Ticket ###### > > auth required pam_mount.so > auth optional pam_krb5.so use_first_pass > auth sufficient pam_ldap.so use_first_pass > auth required pam_unix.so use_first_pass > # auth required pam_stack.so service=system-auth > auth required pam_nologin.so > > ######## Fetch User Information ######## > > account required pam_access.so > account sufficient pam_ldap.so use-first_pass > account required pam_unix.so use_first_pass > account required pam_nologin.so > # account required pam_stack.so service=system-auth > > ######## Password Management ######## > > password required pam_cracklib.so > password required pam_unix.so shadow md5 use_authtok > password sufficient pam_ldap.so use_authtok > password required pam_mount.so use_authtok shadow md5 > > # password required pam_stack.so service=system-auth > > ######### Sesssion ######## > > session required pam_unix.so > session required pam_mkhomedir.so skel=/etc/skel umask=0077 > session optional pam_mount.so shadow md5 use_authtok > > # pam_selinux.so close should be the first session rule > > session required pam_selinux.so close > > #session required pam_stack.so service=system-auth > #session optional pam_console.so > > # pam_selinux.so open should be the last session rule > > session required pam_selinux.so multiple open > > ########################################################## > > > #################### /etc/pam.d/gdm ###################### > > #%PAM-1.0 > auth required pam_env.so > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > auth required pam_mount.so use_first_pass > auth sufficient pam_ldap.so use_first_pass > auth optional pam_krb5.so use_first_pass > account required pam_stack.so service=system-auth > account sufficient pam_ldap.so use_first_pass > password required pam_stack.so service=system-auth > password sufficient pam_ldap.so use_first_pass > session required pam_stack.so service=system-auth > session optional pam_console.so > session required pam_mkhomedir.so skel=/etc/skel umask=0077 > session optional pam_mount.so use_first_pass > session sufficient pam_ldap.so use_first_pass > session optional pam_group.so > > ######################################################### > Can anyone see where I am going wrong? > Many thanks, > Chris Bradford > Systems Administrator > Cambridge Newspapers > > > This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com > > -- Interdum feror cupidine partium magnarum Europae vincendarum Mark Haney Sr. Systems Administrator ERC Broadband (828) 350-2415 -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
<<winmail.dat>>
