unofficial mirror of help-guix@gnu.org 
* Guix AD authentication through nscld and pam
@ 2023-12-07 16:34 Razvan Lixandru
From: Razvan Lixandru @ 2023-12-07 16:34 UTC (permalink / raw)
  To: help-guix

Hey Guixers!

I'm trying to set up a machine where AD users can log in without the
machine being joined to the domain.

I came up with the configuration here:
https://pastebin.pl/view/a7d13796

LDAP seems to connect fine and actually finds my test user; however, the
login daemon disagrees:

login[1496]: User not known to the underlying authentication module

Looking at /etc/pam.d/login:
account sufficient /gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
account required pam_unix.so
auth sufficient /gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
auth required pam_unix.so nullok
password required pam_unix.so sha512 shadow
session required /gnu/store/lq8kisg6g9fif780mn20n7gaknpzm1dq-elogind-252.9/lib/security/pam_elogind.so
session sufficient /gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
session optional pam_motd.so motd=/gnu/store/mrk0km6gqw4zn20az2bqidvajps7yy93-motd
session required pam_loginuid.so
session required pam_env.so
session required pam_unix.so

I do notice password does not check ldap.

Does anyone have a working configuration I can look at?

Thanks,
Razvan
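
Added example, not part of the original message and not Guix or nss-pam-ldapd code: a small audit of a PAM service file that reports, per management group, where pam_ldap.so sits in the stack and which groups never reference it. The function names are hypothetical and the sample is the stack quoted above with the /gnu/store directories replaced by placeholders; it inspects the PAM file only and does not test NSS or nslcd lookups.

```python
import os
import re

# Constructed sample: the stack quoted in the message, with each /gnu/store
# hash-and-version directory replaced by a PLACEHOLDER name.
SAMPLE_LOGIN = """\
account sufficient /gnu/store/PLACEHOLDER-nss-pam-ldapd/lib/security/pam_ldap.so
account required pam_unix.so
auth sufficient /gnu/store/PLACEHOLDER-nss-pam-ldapd/lib/security/pam_ldap.so
auth required pam_unix.so nullok
password required pam_unix.so sha512 shadow
session required /gnu/store/PLACEHOLDER-elogind/lib/security/pam_elogind.so
session sufficient /gnu/store/PLACEHOLDER-nss-pam-ldapd/lib/security/pam_ldap.so
session optional pam_motd.so motd=/gnu/store/PLACEHOLDER-motd
session required pam_loginuid.so
session required pam_env.so
session required pam_unix.so
"""

TYPES = ("auth", "account", "password", "session")
# type, control (one word or a bracketed [value=action ...] list), module, args
LINE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return {type: [(control, module_basename, args)]} in stack order."""
    stacks = {t: [] for t in TYPES}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) in stacks:  # skips blanks, comments, unknown types
            stacks[m.group(1)].append(
                (m.group(2), os.path.basename(m.group(3)), m.group(4).split()))
    return stacks

def coverage(stacks, module):
    """Map each type to (position, control) of `module`, or None if absent."""
    found = {}
    for t in TYPES:
        hits = [(i, c) for i, (c, mod, _) in enumerate(stacks[t]) if mod == module]
        found[t] = hits[0] if hits else None
    return found

def types_missing(stacks, module):
    """Management groups whose stack never references `module`."""
    return [t for t, hit in coverage(stacks, module).items() if hit is None]

if __name__ == "__main__":
    stacks = parse_pam(SAMPLE_LOGIN)
    for t, hit in coverage(stacks, "pam_ldap.so").items():
        print(f"{t:9} pam_ldap.so: {hit if hit else 'not referenced'}")
    print("missing in:", types_missing(stacks, "pam_ldap.so"))
```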

