I am setting up my Ubuntu 19.04 desktop to work with an openldap server. I cannot log in using GDM.
I have added nscd, and I have changed my settings as follows:
common-account:account [success=1 default=ignore] pam_ldap.so
common-auth:auth [success=1 default=ignore] pam_ldap.so use_first_pass
common-password:password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
common-session:session optional pam_ldap.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077
common-session-noninteractive:session optional pam_ldap.so
nsswitch.conf:passwd: files systemd ldap
group: files systemd ldap
shadow: files ldap
In a terminal (su - user) I can log in without any problem, but with GDM my password is accepted, it seems to log me in, and then I am back at the login screen. /var/log/auth.log says:
Aug 2 17:02:24 silver-linux gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)
Aug 2 17:02:24 silver-linux systemd-logind[1034]: New session c4 of user gdm.
Aug 2 17:02:24 silver-linux systemd: pam_unix(systemd-user:session): session opened for user gdm by (uid=0)
Aug 2 17:02:26 silver-linux polkitd(authority=local): Registered Authentication Agent for unix-session:c4 (system bus name :1.264 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Aug 2 17:02:40 silver-linux gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=dries
Aug 2 17:02:40 silver-linux gdm-password]: gkr-pam: unable to locate daemon control file
Aug 2 17:02:40 silver-linux gdm-password]: pam_unix(gdm-password:session): session opened for user dries by (uid=0)
Aug 2 17:02:40 silver-linux systemd-logind[1034]: New session 15 of user dries.
Aug 2 17:02:40 silver-linux systemd: pam_unix(systemd-user:session): session opened for user dries by (uid=0)
Aug 2 17:02:41 silver-linux dbus-daemon[1056]: nss_ldap: reconnecting to LDAP server...
Aug 2 17:02:41 silver-linux dbus-daemon[1056]: nss_ldap: reconnected to LDAP server ldap://fileserver.familie-dokter.lan after 1 attempt
Aug 2 17:02:43 silver-linux gdm-password]: pam_unix(gdm-password:session): session closed for user dries
Aug 2 17:02:43 silver-linux systemd-logind[1034]: Session 15 logged out. Waiting for processes to exit.
Aug 2 17:02:49 silver-linux gdm-password]: gkr-pam: unlocked login keyring
Aug 2 17:03:00 silver-linux systemd-logind[1034]: Session c4 logged out. Waiting for processes to exit.
Aug 2 17:03:00 silver-linux polkitd(authority=local): Unregistered Authentication Agent for unix-session:c4 (system bus name :1.264, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Aug 2 17:03:00 silver-linux systemd-logind[1034]: Removed session c4.
I looked at what is described here, but:
lokaal@silver-linux:~$ sudo apt-get install ldap-auth-client nscd
Reading package lists... Done
Building dependency tree
Reading state information... Done
ldap-auth-client is already the newest version (0.5.4).
nscd is already the newest version (2.29-0ubuntu2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
lokaal@silver-linux:~$ sudo auth-client-config -t nss -p lac_ldap
sudo: auth-client-config: command not found
I'm at my wits' end...
Answer 1
How to configure a client for LDAP on Debian and Ubuntu (and probably Mint etc.). This assumes you have a working LDAP server with at least one user and one group.
sudo apt install etckeeper # Well you should do that first but it's optional.
The package libpam-ldapd is newer and better than the package libpam-ldap (without the "d" at the end):
sudo apt install libpam-ldapd
Fill in the "LDAP server URI:" field. If the server is on the same machine as the client, the default ldapi:/// can be used.
Fill in the "LDAP server search base:". This is usually the dc= components of the domain.
Check at least the passwd, group and shadow boxes. You can optionally add more types to the client configuration if you wish.
/etc/nsswitch.conf is configured automatically for you.
PAM is configured automatically for you.
Set binddn and bindpw in /etc/nslcd.conf to the DN and password of an account that can bind.
Set rootpwmoddn to the admin account DN. If you choose a non-admin account for binddn in /etc/nslcd.conf, the admin password is not needed in /etc/nslcd.conf.
Run sudo pam-auth-update. Then check the "Create home directory on login" box (leave the other boxes as they are).
Reboot (or perhaps just restart nscd and nslcd).
There may be a short delay before LDAP responds.
mc@openldap:~$ sudo systemctl restart nscd
mc@openldap:~$ sudo systemctl restart nslcd
mc@openldap:~$ id puppy
id: ‘puppy’: no such user
mc@openldap:~$ id puppy
id: ‘puppy’: no such user
mc@openldap:~$ id puppy
id: ‘puppy’: no such user
mc@openldap:~$ id puppy
id: ‘puppy’: no such user
mc@openldap:~$ id puppy
uid=10000(puppy) gid=10000(puppies) groups=10000(puppies)
$ sudo passwd puppy
LDAP administrator password:
New password:
Retype new password:
passwd: password updated successfully
mc@openldap:~$ su - puppy
Password:
puppy@openldap:~$
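As an added example (not from the answer or the question, and not part of nss-pam-ldapd itself), here is a POSIX shell script that audits the client configuration the procedure above leaves behind. It checks that passwd, group and shadow in nsswitch.conf list ldap, that nslcd.conf carries uri, base, binddn and bindpw, notes whether rootpwmoddn is set, and flags an nslcd.conf that is world-readable, because bindpw is stored there in clear text. The sample files the script writes are constructed for the demonstration; the host ldap.example.test, the DNs and the placeholder password are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example: audit an nss-pam-ldapd client setup (nsswitch.conf + nslcd.conf).
# Not part of the original answer; sample configs below are constructed.

# Return 0 if database $2 (passwd/group/shadow) in nsswitch file $1 lists "ldap".
nss_has_ldap() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Print the value of option $2 from nslcd.conf $1 (empty if unset; comments ignored).
nslcd_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }' "$1"
}

# Return 0 if file $1 is not readable by "other" (column 8 of ls -l is the o+r bit).
not_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "-" ]
}

# Run all checks on nsswitch file $1 and nslcd.conf $2.
# Prints one line per finding; the return value is the number of problems found.
audit_ldap_client() {
    nss=$1 nslcd=$2 problems=0
    for db in passwd group shadow; do
        if nss_has_ldap "$nss" "$db"; then
            echo "ok: nsswitch $db uses ldap"
        else
            echo "PROBLEM: nsswitch $db does not list ldap"
            problems=$((problems + 1))
        fi
    done
    for key in uri base binddn bindpw; do
        if [ -n "$(nslcd_get "$nslcd" "$key")" ]; then
            echo "ok: nslcd.conf sets $key"
        else
            echo "PROBLEM: nslcd.conf is missing $key"
            problems=$((problems + 1))
        fi
    done
    if [ -n "$(nslcd_get "$nslcd" rootpwmoddn)" ]; then
        echo "ok: rootpwmoddn is set (root can change LDAP passwords with passwd)"
    else
        echo "note: rootpwmoddn unset; root cannot change other users' LDAP passwords"
    fi
    if not_world_readable "$nslcd"; then
        echo "ok: $nslcd is not world-readable"
    else
        echo "PROBLEM: $nslcd is world-readable but contains bindpw in clear text"
        problems=$((problems + 1))
    fi
    return $problems
}

# Write a constructed, well-formed sample pair into directory $1 (for demo/test).
write_sample_configs() {
    cat > "$1/nsswitch.conf" <<'EOF'
passwd:         files systemd ldap
group:          files systemd ldap
shadow:         files ldap
hosts:          files dns
EOF
    cat > "$1/nslcd.conf" <<'EOF'
# constructed sample nslcd.conf; host, DNs and password are placeholders
uid nslcd
gid nslcd
uri ldap://ldap.example.test/
base dc=example,dc=test
binddn cn=nslcd,ou=services,dc=example,dc=test
bindpw CHANGEME-placeholder
rootpwmoddn cn=admin,dc=example,dc=test
EOF
    chmod 640 "$1/nslcd.conf"   # the mode the package installs: root:nslcd 0640
}

# Demo run against the constructed sample (expected: 0 problems).
tmp=$(mktemp -d) && write_sample_configs "$tmp"
audit_ldap_client "$tmp/nsswitch.conf" "$tmp/nslcd.conf"
echo "problems in sample: $?"
rm -rf "$tmp"
```

To audit a real client, source the script and run audit_ldap_client /etc/nsswitch.conf /etc/nslcd.conf as root; /etc/nslcd.conf is root:nslcd 0640 by default, so an ordinary user cannot read it, and if the mode check fails it is worth restoring that before anything else, since the bind password grants whatever the bind account can read in the directory.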