Ldap
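Cannot log in with KDM and SSSD, but it works fine from the console
I set up LDAP authentication using SSSD, and I can log in fine via the console and ssh. However, when I try to log in through KDM, it just says authentication failed... more specifically: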
Jan 9 10:29:11 adams20420 sssd[be[default]]: Failed to set LDAP SASL nocanon option to true. If your system is configured to use SASL, LDAP operations might fail.
Jan 9 10:29:24 adams20420 kdm: :1[4560]: PAM pam_parse: expecting return value; [...sufficeint]
Jan 9 10:29:24 adams20420 kdm: :1[4560]: PAM unable to dlopen(/lib64/security/pam_console.so): /lib64/security/pam_console.so: cannot open shared object file: No such file or directory
Jan 9 10:29:24 adams20420 kdm: :1[4560]: PAM adding faulty module: /lib64/security/pam_console.so
Jan 9 10:29:24 adams20420 kdm: :1[4560]: pam_ldap: ldap_starttls_s: Operations error
Jan 9 10:29:24 adams20420 kdm: :1[4560]: pam_unix(kde:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost= user=igierl1
Here is pam.d/kdm:
auth required pam_env.so
auth substack system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_loginuid.so
session optional pam_console.so
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include system-auth
system-auth:
auth sufficient pam_ldap.so
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account sufficient pam_ldap.so
account required pam_unix.so
account optional pam_permit.so
password sufficeint pam_ldap.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_permit.so
You misspelled sufficient as sufficeint in /etc/pam.d/system-auth.
Also, it looks like you are not using sssd directly; you are calling pam_ldap.so rather than pam_sss.so.
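Both problems named in the answer above (the control value that pam_parse rejects in the log, and pam_ldap.so being called where pam_sss.so was intended) can be caught by linting the pam.d file before anyone tries to log in. The following is an added example, not part of the original question or answer; `lint_pam`, `unexpected_modules` and `SAMPLE` are names assumed for this sketch, and the sample is a subset of the system-auth lines posted in the question.

```python
import re

# Control keywords from pam.conf(5); the bracketed [value=action ...] form is also valid.
VALID_CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
VALID_TYPES = {"auth", "account", "password", "session"}
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def lint_pam(text, unexpected_modules=("pam_ldap.so",)):
    """Return (line_no, kind, detail) findings for the text of one pam.d file.

    unexpected_modules is an assumption of this example: modules that should
    not appear when the host is meant to authenticate through SSSD (pam_sss.so).
    Backslash line continuations are not handled.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        m = RULE.match(line)
        if not m:
            findings.append((no, "parse", line))
            continue
        mtype, control, module = m.groups()
        if mtype.lstrip("-") not in VALID_TYPES:
            findings.append((no, "type", mtype))
        if not control.startswith("[") and control not in VALID_CONTROLS:
            findings.append((no, "control", control))
        if module.rsplit("/", 1)[-1] in unexpected_modules:
            findings.append((no, "module", module))
    return findings

# Constructed sample: a subset of the system-auth lines posted in the question.
SAMPLE = """\
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass likeauth nullok
account sufficient pam_ldap.so
password sufficeint pam_ldap.so
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
session optional pam_ldap.so
"""

if __name__ == "__main__":
    for no, kind, detail in lint_pam(SAMPLE):
        print(f"line {no}: suspicious {kind}: {detail}")
```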