- The file "/etc/ldap.conf" is the first file that has to be modified, as this is the file that tells the system which ldap server to authenticate to.
host yourdomain.com
base dc=yourdomain,dc=com
uri ldap://yourdomain.com/
ldap_version 3
rootbinddn cn=Manager,dc=yourdomain,dc=com
scope sub
timelimit 5
bind_timelimit 5
nss_reconnect_tries 2
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
pam_password exop
nss_base_passwd ou=People,dc=yourdomain,dc=com
nss_base_shadow ou=People,dc=yourdomain,dc=com
- Now we have to add the password to the file "/etc/ldap.secret" so that we can authenticate to the ldap server
password
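The two files above decide how credentials reach the directory, so they are worth checking before the PAM changes go live. This added example (not part of the original post) audits the settings shown on this page; the function names are illustrative, and "ssl start_tls" and ldaps:// are the nss_ldap/pam_ldap transport options, which the page itself does not set.

```python
import os
import stat

# Excerpt of the /etc/ldap.conf shown on this page.
PAGE_CONF = """\
uri ldap://yourdomain.com/
ldap_version 3
rootbinddn cn=Manager,dc=yourdomain,dc=com
pam_password md5
pam_password exop
"""

def parse_conf(text):
    """Return {directive: [values]}; repeated directives keep every value."""
    conf = {}
    for line in text.splitlines():
        if line.strip().startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            conf.setdefault(parts[0].lower(), []).append(value)
    return conf

def audit_conf(text):
    """Flag cleartext transport and contradictory pam_password settings."""
    conf, issues = parse_conf(text), []
    uris = " ".join(conf.get("uri", [])).split()
    ssl_mode = conf.get("ssl", ["off"])[-1].lower()
    # ldap:// without StartTLS sends binds and password changes unencrypted.
    if any(u.lower().startswith("ldap://") for u in uris) and ssl_mode != "start_tls":
        issues.append("cleartext-ldap")
    # Only one password-change method can be in effect; two values conflict.
    if len(set(conf.get("pam_password", []))) > 1:
        issues.append("conflicting-pam_password")
    return issues

def secret_mode_ok(path):
    """True when the secret file grants nothing to group or others (e.g. 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    print(audit_conf(PAGE_CONF))
    if os.path.exists("/etc/ldap.secret"):
        print("ldap.secret private:", secret_mode_ok("/etc/ldap.secret"))
```

/etc/ldap.secret holds the rootbinddn password in plain text, so it should be owned by root with mode 600.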
- Now we have to modify this file "/etc/nsswitch.conf"
passwd: files ldap
group: files ldap
hosts: dns ldap
services: ldap [NOTFOUND=return] files
networks: ldap [NOTFOUND=return] files
protocols: ldap [NOTFOUND=return] files
rpc: ldap [NOTFOUND=return] files
ethers: ldap [NOTFOUND=return] files
netmasks: files
bootparams: files
publickey: files
automount: files
sendmailvars: files
netgroup: ldap [NOTFOUND=return] files
- Now it is time to modify the files in the /etc/pam.d/ directory.
The first file to be modified is "/etc/pam.d/login"
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
password sufficient pam_ldap.so
session sufficient pam_ldap.so

auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
auth required pam_tally.so onerr=succeed file=/var/log/faillog
account required pam_access.so
account required pam_time.so
account required pam_unix.so
account sufficient pam_ldap.so
password sufficient pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix.so
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session sufficient pam_ldap.so
session optional pam_lastlog.so
- Now we modify "/etc/pam.d/shadow"
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
password sufficient pam_ldap.so
session sufficient pam_ldap.so

auth sufficient pam_rootok.so
auth required pam_unix.so
auth sufficient pam_ldap.so use_first_pass
account required pam_unix.so
account sufficient pam_ldap.so
session required pam_unix.so
session sufficient pam_ldap.so
password sufficient pam_ldap.so
password required pam_permit.so
- Now we modify "/etc/pam.d/passwd"
password sufficient pam_ldap.so

password sufficient pam_ldap.so
password required pam_unix.so shadow nullok
- Now we modify "/etc/pam.d/su"
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
session sufficient pam_ldap.so

auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
- Now we modify "/etc/pam.d/sudo"
auth sufficient pam_ldap.so

auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
auth required pam_nologin.so
- In this file "/etc/pam.d/sshd" you have to add 3 entries, one for auth, one for account, and one for session.
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
password required pam_ldap.so

auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_env.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
account required pam_time.so
password required pam_ldap.so
password required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix_session.so
session sufficient pam_ldap.so
session required pam_limits.so
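When a "sufficient" module succeeds and no earlier "required" module has failed, PAM returns success for that management group at once and does not call the modules listed after it. This added example (not part of the original post; the function names are illustrative) lists which required modules in the /etc/pam.d/sshd stack above are skipped when pam_ldap.so succeeds.

```python
# The /etc/pam.d/sshd stack shown on this page.
SSHD_STACK = """\
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_env.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
account required pam_time.so
password required pam_ldap.so
password required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix_session.so
session sufficient pam_ldap.so
session required pam_limits.so
"""

ENFORCING = {"required", "requisite"}

def parse_stack(text):
    """Yield (type, control, module) for each simple PAM rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:          # skips blanks, comments, @include
            yield fields[0].lstrip("-"), fields[1], fields[2]

def skipped_after_sufficient(text):
    """Map (type, sufficient module) to the enforcing modules listed after
    it in the same group, which never run once that module succeeds."""
    findings, active = {}, {}
    for mtype, control, module in parse_stack(text):
        if control == "sufficient":
            active.setdefault(mtype, []).append(module)
            findings.setdefault((mtype, module), [])
        elif control in ENFORCING:
            for suff in active.get(mtype, []):
                findings[(mtype, suff)].append(module)
    return {key: mods for key, mods in findings.items() if mods}

if __name__ == "__main__":
    for (mtype, suff), mods in skipped_after_sufficient(SSHD_STACK).items():
        print(f"{mtype}: success of {suff} skips {', '.join(mods)}")
```

Modules such as pam_time.so and pam_limits.so are therefore not applied to logins that pam_ldap.so accepts; any module that must always run belongs above the sufficient line of its group.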
source:http://linuxpoison.blogspot.com/2008/10/13578175714218.html