How to authenticate LDAP accounts on Unix using PAM with SSH Tectia Server?

asked Jan 13 '11 at 15:18

SSH KB ♦

This answer explains how to authenticate LDAP accounts on Unix using PAM and keyboard-interactive authentication with SSH Tectia Server 6.x.

1. Install the necessary prerequisite packages, such as openldap, openldap-clients, and nss_ldap.

2. Edit the file /etc/ldap.conf to match your environment:

host ldap.company.com
base dc=company,dc=com
ldap_version 3
port 389
scope one
nss_base_passwd ou=People,dc=ssh,dc=com?one
nss_base_shadow ou=People,dc=ssh,dc=com?one
nss_base_group ou=Group,dc=ssh,dc=com?one
ssl no
pam_password md5

3. Edit or add the file /etc/pam.d/ssh-server-g3:

auth     required /lib/security/pam_ldap.so
account  required /lib/security/pam_ldap.so
password required /lib/security/pam_ldap.so
session  required /lib/security/pam_ldap.so

4. Edit the file /etc/nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap

5. Add the following line to /etc/fstab:

ldap.company.com:/export/home /export/home    nfs     rw 0 0

6. Create the directory on which to mount the home directories, and mount them:

mkdir -p /export/home
mount /export/home

7. With SSH Tectia Server 6.x you can use the following example configuration (the location of the PAM security libraries may differ between OS versions):

<auth-keyboard-interactive>
     <submethod-pam dll-path="/lib/security/pam_ldap.so"/>
</auth-keyboard-interactive>

Note: In some cases you won't need to specify the dll-path.

answered Jan 13 '11 at 15:26

SSH KB ♦
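
A pre-deployment check for the /etc/ldap.conf from step 2, given here as an added example that is not part of the original answer or of SSH Tectia itself. It flags an unencrypted LDAP bind (`ssl no` on port 389) and `nss_base_*` entries whose suffix differs from `base`, as they do in the sample values above. The function names are hypothetical and the sample input is copied from step 2.

```python
# Constructed sample: the /etc/ldap.conf values shown in step 2 of the answer.
SAMPLE_LDAP_CONF = """\
host ldap.company.com
base dc=company,dc=com
ldap_version 3
port 389
scope one
nss_base_passwd ou=People,dc=ssh,dc=com?one
nss_base_shadow ou=People,dc=ssh,dc=com?one
nss_base_group ou=Group,dc=ssh,dc=com?one
ssl no
pam_password md5
"""

def parse_ldap_conf(text):
    """Return {keyword: value} for a PADL-style ldap.conf (keyword, whitespace, value)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_ldap_conf(text):
    """Return a list of (keyword, finding) tuples to review before deployment."""
    conf = parse_ldap_conf(text)
    findings = []
    # 'ssl on' (LDAPS), 'ssl start_tls' or an ldaps:// URI encrypts the bind;
    # otherwise pam_ldap sends the user's password to the directory in cleartext.
    ssl = conf.get("ssl", "no").lower()
    ldaps_uri = conf.get("uri", "").lower().startswith("ldaps://")
    if ssl not in ("on", "yes", "true", "start_tls") and not ldaps_uri:
        findings.append(("ssl", "LDAP bind is not encrypted; use 'ssl start_tls' or 'ssl on'"))
    base = conf.get("base", "").replace(" ", "").lower()
    for key, value in conf.items():
        if not key.startswith("nss_base_"):
            continue
        dn = value.split("?", 1)[0].replace(" ", "").lower()
        # A DN ending in ',' is relative to 'base', so it cannot disagree with it.
        if base and not dn.endswith(",") and not dn.endswith(base):
            findings.append((key, f"search base '{dn}' is outside base '{base}'"))
    return findings

if __name__ == "__main__":
    for keyword, finding in audit_ldap_conf(SAMPLE_LDAP_CONF):
        print(f"{keyword}: {finding}")
```
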

All user contributed content licensed under the cc-by-sa license.