LDAP client Ubuntu 14.04


Hello, Ubuntu community :D

I'm having a problem with Ubuntu 14.04 and LDAP :( Here are my configuration files:


/etc/ldap.conf:

base dc=ad,dc=school,dc=fr
uri ldap://dcad1.ad.school.fr
ldap_version 3
binddn CN=app,OU=admin,DC=ad,DC=school,DC=fr
bindpw mypassword

nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
nss_base_passwd ou=people,dc=ad,dc=school,dc=fr?sub
nss_base_group ou=etp,ou=uds,ou=groups,dc=ad,dc=school,dc=fr?sub

/etc/nsswitch.conf:

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

/etc/krb5.conf:

[libdefaults]
       default_realm = AD.SCHOOL.FR
       dns_lookup_realm = true
       dns_lookup_kdc = true

[domain_realm]
      .u-SCHOOL.fr = AD.SCHOOL.FR
      u-SCHOOL.fr = AD.SCHOOL.FR
      .SCHOOL.fr = AD.SCHOOL.FR
      SCHOOL.fr = AD.SCHOOL.FR
      .app.ad.SCHOOL.fr = AD.SCHOOL.FR
      app.ad.SCHOOL.fr = AD.SCHOOL.FR

[logging]
   kdc = FILE:/var/log/krb5kdc.log
   admin_server = FILE:/var/log/krbadmin.log
   default = FILE:/var/log/krb5lib.log

In /etc/ssh/sshd_config:

KerberosAuthentication yes
KerberosOrLocalPasswd yes

/etc/pam.d/common-account:

account sufficient      pam_krb5.so ignore_root realm=AD.SCHOOL.FR
account required        pam_unix.so

In /etc/pam.d/common-auth:

auth    sufficient      pam_krb5.so ignore_root realm=AD.SCHOOL.FR
auth    required        pam_unix.so nullok_secure try_first_pass

/etc/pam.d/common-password:

password        required        pam_unix.so nullok obscure sha512

/etc/pam.d/common-session:

session sufficient      pam_krb5.so ignore_root realm=AD.UNISTRA.FR
session required        pam_unix.so

This configuration works fine on Ubuntu 10.04, but on Ubuntu 14.04 I have a problem: the session opens and closes immediately. Thanks :)

/var/log/auth.log:

Feb 24 08:58:12 ubuntu-VM2 lightdm: PAM adding faulty module: pam_kwallet.so   
Feb 24 08:59:26 ubuntu-VM2 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "baillard"    
Feb 24 08:59:32 ubuntu-VM2 lightdm: pam_krb5(lightdm:auth): user baillard authenticated as [email protected]   
Feb 24 08:59:36 ubuntu-VM2 lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm    
Feb 24 08:59:41 ubuntu-VM2 lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory    
Feb 24 08:59:41 ubuntu-VM2 lightdm: PAM adding faulty module: pam_kwallet.so    
Feb 24 08:59:46 ubuntu-VM2 lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)    
Feb 24 08:59:46 ubuntu-VM2 systemd-logind[534]: New session c5 of user lightdm.    
Feb 24 08:59:56 ubuntu-VM2 lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Feb 24 08:59:56 ubuntu-VM2 lightdm: PAM adding faulty module: pam_kwallet.so

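Answer 1

Are you able to switch to a text tty login? If so, do you get a warning about a missing home directory? In that case, check the permissions on /home/<your username>. Otherwise, in

uri ldap://dcad1.ad.school.fr

try editing it as follows: uri ldap://dcad1.ad.school.fr/. Note the trailing slash.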
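The home-directory check suggested in the answer, written out as an added shell example (not part of the original thread). The helper name `check_home`, its verdict words, and the rule that the owner needs rwx on the directory are assumptions made for this example; it expects GNU `stat`.

```sh
# Added example, not from the thread. check_home is a hypothetical helper.
# Input: one passwd(5) line as printed by `getent passwd USER`, which on this
# setup is resolved through "passwd: files ldap" in /etc/nsswitch.conf.
# Output: a one-word verdict; exit status 0 only for "ok".
# The body runs in a subshell, so `exit` only leaves the function.
check_home() (
    entry=$1
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$entry
EOF
    # Empty input: NSS returned nothing, so the lookup itself failed.
    if [ -z "$name" ] || [ -z "$uid" ]; then echo "no-entry"; exit 1; fi
    # The home field comes from the mapped attribute (unixHomeDirectory here).
    if [ -z "$home" ]; then echo "no-home-field"; exit 1; fi
    if [ ! -d "$home" ]; then echo "missing"; exit 1; fi
    # Ownership must match the uid that the directory lookup returned.
    if [ "$(stat -L -c %u "$home")" != "$uid" ]; then
        echo "wrong-owner"; exit 1
    fi
    # Pad the octal mode to four digits so the owner digit is always second.
    mode=$(printf '%04d' "$(stat -L -c %a "$home")")
    case $mode in
        ?7??) echo "ok"; exit 0 ;;
        *)    echo "owner-lacks-rwx"; exit 1 ;;
    esac
)

# Usage on the affected machine (user name taken from the auth.log above):
#   check_home "$(getent passwd baillard)"
```

A `no-entry` verdict points at the NSS/LDAP side (`/etc/ldap.conf`, `/etc/nsswitch.conf`) rather than at the home directory.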
