I am trying to get CentOS 6 to authenticate against LDAP (Active Directory, to be specific). I am a bit confused, though, because after installing nss-pam-ldapd I see several files that appear to be the same configuration. For example, I have /etc/pam_ldap.conf and /etc/nslcd.conf. Both of these files seem to have the same configuration options. None seem to work. Any guidance would be much appreciated.
While this has already been answered, there are a few things to keep in mind:
So to connect to LDAP, you would:
Then in one shot, run this:
(authconfig will automatically pick up the cert residing in /etc/openldap/cacerts)
I can confirm the steps should be working.
If you do not use TLS, just "ssl yes" is OK too.
You must install these packages; it cost me a lot of time to find all the necessary packages on Red Hat 6: nss-pam-ldapd pam_ldap openldap openldap-clients
Sam
I basically got this to work (except it's sending passwords in clear text, I plan to fix this) so I figured I would share what I did.
I installed the nss-pam-ldap package using yum. I edited both pam_ldap.conf and nslcd.conf to reflect my environment. I then ran authconfig-tui and answered its questions as best as I could. I did not turn on TLS or SSL, I just wanted to see if things were working. I ran "/etc/init.d/nslcd restart" and then I could su into LDAP users as well as log in with them via ssh. Then when I turned on SSL/TLS it stopped working. So I looked using tcpdump and grep and found that my password was getting sent in clear text. So it works, but I still need to get SSL/TLS working. I would think the LDAP client would send passwords already hashed, but I guess not. Maybe there is a way to tell it what cipher to use to hash before sending the password to LDAP.
Anyway, I hope this helps others with this problem. Thanks.
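The post above found the bind password crossing the wire in clear text while ssl/tls was off. As an added example (not part of the original posts or of nss-pam-ldapd), this Python check reads the text of nslcd.conf or pam_ldap.conf and reports an ldap:// URI used without ssl/start_tls, or TLS configured without certificate verification. The host name, the boolean spellings accepted for "ssl" and the defaults assumed for absent options are assumptions.

```python
# Added example: flag cleartext or unverified LDAP transport in nslcd.conf / pam_ldap.conf text.
TRUTHY = {"on", "yes", "true", "1"}  # assumption: boolean spellings accepted for "ssl"

def parse_options(text):
    """Return {option: [values, ...]} for an nslcd.conf / pam_ldap.conf style file."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, *values = line.split()
            opts.setdefault(key.lower(), []).extend(values)
    return opts

def last(opts, key, default):
    """Last value given for an option, lowercased, or the assumed default."""
    return (opts.get(key) or [default])[-1].lower()

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts, findings = parse_options(text), []
    ssl = last(opts, "ssl", "off")
    for uri in opts.get("uri", []):
        if not (uri.lower().startswith("ldaps://") or ssl == "start_tls" or ssl in TRUTHY):
            findings.append(f"cleartext: {uri} is used without ssl/start_tls")
    # Assumption: an absent tls_reqcert / tls_checkpeer falls back to a verifying default.
    if last(opts, "tls_reqcert", "demand") in ("never", "allow"):
        findings.append("unverified: tls_reqcert does not require a valid server certificate")
    if last(opts, "tls_checkpeer", "yes") in ("no", "off", "false"):
        findings.append("unverified: tls_checkpeer is disabled")
    return findings

# Constructed sample inputs; dc1.example.com is a placeholder host.
CLEARTEXT = """
uri ldap://dc1.example.com/
"""
STARTTLS = """
uri ldap://dc1.example.com/
ssl start_tls
tls_reqcert demand
tls_cacertdir /etc/openldap/cacerts
"""
UNVERIFIED = """
uri ldaps://dc1.example.com/
tls_reqcert never
"""

if __name__ == "__main__":
    for name, cfg in (("cleartext", CLEARTEXT), ("starttls", STARTTLS), ("unverified", UNVERIFIED)):
        print(name, audit(cfg) or "ok")
```

Run it against the contents of both /etc/nslcd.conf and /etc/pam_ldap.conf, since each file carries its own copy of these options.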