Configuring PAM to use LDAP

Now the Samba stuff is pretty much configured and we have a user it is time to instruct our SuSE server to use this LDAP information for its posix user accounts. Tying your Samba and Posix accounts into the same LDAP store keeps things very tidy and removes any mapping issues that may exist between ‘virtual’ Samba users and their ‘real’ Posix user accounts.

On a server console open Yast.

  • Select Security and Users -> Edit and create users
  • Go to Expert Options -> Authentication and User Sources
  • From the Configure dropdown select LDAP
  • Enter the base DN (o=sfs) and disable TLS/SSL encryption
  • Press the Advanced Configuration button. Set the administrator DN (cn=admin,o=sfs) and tick the Create Default Configuration Objects option. Press Next then Finish
It is more than likely pam_ldap and nss_ldap will need to be installed in order for Yast to complete this task. Just press Continue and Yast will do its thing.

 

Once complete you should be able to log in to your server via SSH using your LDAP users (as long as you create their home directories first). One thing to check is that your LDAP users and groups do not conflict with local users and groups (defined in /etc/passwd and /etc/group). If there is a conflict the local file version will always win out. To remove any conflicts by commenting out (or deleting) any duplicate entries in the /etc/passwd, /etc/group and /etc/shadow files.

If you go to phpLDAPAdmin you should have a tree that looks very similar to the one below: