Linux uses PAM_LDAP for Windows AD authentication

Source: Internet
Author: User
Tags ldap

There are several ways to authenticate Linux users against AD, such as the Winbind method used by Samba. Here I use pam_ldap. There are many articles about it online, and they all follow the official documentation step by step: first configure nsswitch.conf, then ldap.conf. The purpose of configuring nsswitch.conf is to tell the system where to get the user's passwd information (for calls such as getpwnam and getpwuid). Often, though, we want to keep the accounts in the system's /etc/passwd and use AD only for authentication, in which case it is not necessary to follow the official steps one by one.

First, download pam_ldap:

wget http://www.padl.com/download/pam_ldap.tgz

Unpack, build and install:

tar -xzvf pam_ldap.tgz

cd pam_ldap

./configure --prefix=/usr --sysconfdir=/etc

make

make install

mv /usr/lib/security/pam_ldap.so /lib64/security/

Modify /etc/ldap.conf as follows:

[Image: screenshot of the /etc/ldap.conf settings]

Anyone who has worked with AD should be able to understand these settings at a glance. If you need to debug, turn on debug and logdir so that you can see the error messages.

Modify /etc/pam.d/system-auth, adding the section marked with the red box:

[Image: screenshot of /etc/pam.d/system-auth with the added lines in a red box]

Create a new user in AD and, at the same time, create an account with the same user name on the Linux system without setting a password. Then try to log in with the AD password.

----------------------------The following is another user's configuration scheme---------------------------------------------

The idea of signing in to a Linux shell with a Windows AD account through LDAP is cool.

I configured this once before, but it was so long ago that I have forgotten it, so today I am recording the configuration method.

Let's talk about the environment:

Domain controller: 1.1.1.1, domain name 123.cc; the DNS server is the domain controller itself.

Linux is CentOS 5.4, which uses PAM to authenticate against LDAP.

Configure the domain on Windows; the only thing to note is that the DNS service must be installed. After the domain is configured, use a static IP, and in the DNS field of the Windows network adapter configuration fill in the server's own IP, that is, 1.1.1.1. At the same time, create a new user in the domain. The user name is user, and because of the Windows password complexity requirements the password is 123qweASD.

The Linux configuration is simpler; see the configuration files:

# cat /etc/ldap.conf
# IP of the domain controller
host 1.1.1.1
base dc=123,dc=cc
# URI of the LDAP server; generally only the IP needs to be changed
uri ldap://1.1.1.1/
# Each part of the domain name gets its own dc= entry; cn is the user and the user group
binddn cn=user,cn=users,dc=123,dc=cc
# Password of the authentication (bind) user
bindpw 123qweASD
scope sub
debug 1
logdir /var/log
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_password ad
#pam_member_attribute uniquemember
# ou is the group; dc as above
pam_groupdn ou=groups,dc=123,dc=cc?sub

# cat /etc/security/group.conf | grep -v "#"
* ; * ; * ; Al0000-2400 ; floppy, audio, cdrom, video, usb, plugdev, burning, users

This file does not need to be modified.

OK, the configuration is complete. When logging in, use the account name and password from the domain.


This article is from the "Anthony Big Group" blog, please be sure to keep this source http://52czy.blog.51cto.com/3704825/1577341
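
An added example, not part of the original article or of pam_ldap itself: a small shell check for the three settings in the ldap.conf above that matter most for security, namely plain ldap:// without TLS, a bindpw stored in a world-readable file, and debug left switched on. The function names and the sample file are constructed for illustration; `ssl start_tls` and `ssl on` are the ldap.conf options assumed to enable TLS.

```shell
#!/bin/sh
# Added example (not from the original article): audit a pam_ldap ldap.conf.

# Print the value of keyword $2 (given in lower case) from file $1. Comment
# lines are skipped; the last uncommented occurrence is reported.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one finding per line; the return status is the number of findings.
audit_ldap_conf() {
    f=$1; n=0
    uri=$(conf_get "$f" uri); ssl=$(conf_get "$f" ssl)
    # Assumption: pam_ldap does a simple bind, so without ldaps:// or
    # "ssl start_tls" / "ssl on" the passwords travel in cleartext.
    case "$uri:$ssl" in
        ldaps://*|*:start_tls|*:on) ;;
        *) echo "CLEARTEXT: uri='$uri' without TLS exposes bind and login passwords"
           n=$((n + 1)) ;;
    esac
    # A stored bindpw is readable by every local user if the file is o+r.
    if [ -n "$(conf_get "$f" bindpw)" ] && [ -n "$(find "$f" -perm -004)" ]; then
        echo "EXPOSED: bindpw is stored in a world-readable file"
        n=$((n + 1))
    fi
    dbg=$(conf_get "$f" debug)
    case "$dbg" in
        ""|0) ;;
        *) echo "DEBUG: debug $dbg is still on; disable it after troubleshooting"
           n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample mirroring the second configuration on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldap://1.1.1.1/
binddn cn=user,cn=users,dc=123,dc=cc
bindpw 123qweASD
debug 1
logdir /var/log
EOF
chmod 644 "$sample"
audit_ldap_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run against the sample it reports all three findings; a file that uses ldaps:// or `ssl start_tls`, is not world-readable, and has debug off returns 0.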
