[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Guix AD authentication trough nscld and pam
From: |
Razvan Lixandru |
Subject: |
Guix AD authentication trough nscld and pam |
Date: |
Thu, 7 Dec 2023 18:34:42 +0200 |
Hey Guixers!
I'm trying to setup a machine where AD users can login without the
machine being joined to the domain.
I came up with the configuration here:
https://pastebin.pl/view/a7d13796
LDAP seems to connect fine and actually finds my test user, however
login daemon disagrees:
login[1496]: User not known to the underlying authentication module
Looking at /etc/pam.d/login:
account sufficient
/gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
account required pam_unix.so
auth sufficient
/gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
auth required pam_unix.so nullok
password required pam_unix.so sha512 shadow
session required
/gnu/store/lq8kisg6g9fif780mn20n7gaknpzm1dq-elogind-252.9/lib/security/pam_elogind.so
session sufficient
/gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
session optional pam_motd.so
motd=/gnu/store/mrk0km6gqw4zn20az2bqidvajps7yy93-motd
session required pam_loginuid.so
session required pam_env.so
session required pam_unix.so
I do notice password does not check ldap.
Does anyone have a working configuration I can look at?
Thanks,
Razvan
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Guix AD authentication trough nscld and pam,
Razvan Lixandru <=