pam.conf只动了这部分,其它都用原来默认的:
#######
#Test
# Solaris pam.conf "auth" stack for the service name "other", the fallback
# used by any PAM service that has no entries of its own. Modules run top to
# bottom, so the line order below is significant.
# NOTE(review): only the auth facility is shown. If the account stack is left
# at its defaults, account state held in the directory (lockout, expiry) may
# not be checked at login -- confirm the "other account" lines.
# requisite: a failure here ends the stack immediately.
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
# binding: a success here ends the stack, provided no earlier required module
# failed, so an account that authenticates locally never reaches pam_ldap.
# server_policy is presumably what lets directory-held accounts fall through
# to pam_ldap instead of being judged by local Unix policy -- confirm against
# the pam_unix_auth man page.
other auth binding pam_unix_auth.so.1 server_policy
# NOTE(review): "debug" enables extra syslog output from pam_ldap. Keep it for
# the test phase only and check where those messages land and who can read them.
other auth required pam_ldap.so.1 debug
===================================================================================
ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
# Solaris native LDAP client configuration: which directory servers to query,
# how to bind to them, and where each name-service database lives in the tree.
# The "#" annotations in this listing are reviewer notes for the reader; real
# changes belong in ldapclient, as the header above says.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= dc1-ldap-32.domain.com, dc2-ldap-33.domain.com, dc1-ldap-55.domain.com, dc2-ldap-56.domain.com
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
# tls:simple = simple (password) bind carried inside TLS. The bind password is
# protected only if the TLS session validates the server certificate.
# NOTE(review): confirm the CA certificate is installed in the client's
# certificate database and that the names in NS_LDAP_SERVERS match the
# certificates presented.
NS_LDAP_AUTH= tls:simple
# NOTE(review): TRUE makes the client follow referrals returned by a server;
# confirm every referral target is a directory you trust with these lookups.
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
# presumably seconds (43200 s = 12 h) -- confirm against ldapclient(1M)
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= dc1_prod_profile
# proxy: lookups bind as a shared proxy identity rather than anonymously; the
# DN and password for that identity are kept in the companion credential file.
NS_LDAP_CREDENTIAL_LEVEL= proxy
# Per-service search descriptors: "service: base?scope". Every entry below
# pins the scope to one level ("?one") except sudoers.
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=Netgroup,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto.master: nisMapName=auto.master,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto.home: nisMapName=auto.home,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto_master: automountMapName=auto_master,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto_home: automountMapName=auto_home,dc=domain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= auto_direct: automountMapName=auto_direct,dc=domain,dc=com?one
# NOTE(review): no "?one" here, so this search presumably uses the default
# scope (NS_LDAP_SEARCH_SCOPE= sub above) and would also pick up entries in
# any sub-container of ou=sudoers. These entries grant privilege, so confirm
# the wider scope is intended and that write access to the subtree is tightly
# controlled.
NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=sudoers,dc=domain,dc=com
NS_LDAP_BIND_TIME= 10
# Attribute and object-class maps for the automount service. They pair the
# automount* schema names with the nisMap-style names (ou, cn, nisMapEntry,
# nisMap, nisObject).
NS_LDAP_ATTRIBUTEMAP= automount: automountMapName=ou
NS_LDAP_ATTRIBUTEMAP= automount: automountKey=cn
NS_LDAP_ATTRIBUTEMAP= automount: automountInformation=nisMapEntry
NS_LDAP_OBJECTCLASSMAP= automount: automountMap=nisMap
NS_LDAP_OBJECTCLASSMAP= automount: automount=nisObject
=======================================================================================
ldap_client_cred
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
# Bind identity the LDAP client uses for name-service lookups.
# NOTE(review): the proxy account should have read-only access limited to the
# entries clients need; confirm its access controls on the directory side.
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=domain,dc=com
# NOTE(review): the {NS1} form is an encoding, not a one-way hash, so it gives
# no protection once the string leaves the host. A value that has been pasted
# into a public post should be treated as disclosed and the proxy password
# rotated. This file should be readable by root only -- confirm ownership and mode.
NS_LDAP_BINDPASSWD= {NS1}ecc423aad0fe2349fd13
=======================================================================================
nsswitch.conf
#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
# Sources are tried left to right. With "files" first, an account defined
# locally (root, for example) is resolved from /etc before the directory is asked.
passwd: files ldap
shadow: files ldap
group: files ldap
# netgroup has no local fallback: it is resolved from LDAP only.
netgroup: ldap
# NOTE(review): sudo rules are taken from the directory as well as the local
# file, so write access to the LDAP sudoers entries amounts to granting
# privilege on every client; confirm that the installed sudo build honours this line.
sudoers: files ldap
# consult /etc "files" only if ldap is down.
# NOTE(review): the comment above is left over from the template. The two
# lines below use "files" only, so host lookups never consult LDAP.
hosts: files
ipnodes: files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: ldap [NOTFOUND=return] files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# automount is the one database here that asks LDAP before local files.
automount: ldap files
aliases: files ldap
# for efficient getservbyname() avoid ldap
# (LDAP is still listed below; it is consulted after "files".)
services: files ldap
sendmailvars: files
# auth_attr and prof_attr can also be served from the directory here.
# NOTE(review): if these are the RBAC databases, directory write access
# affects local authorizations -- confirm.
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
# NOTE(review): nis, nisplus and xfn appear nowhere else in this file; this
# line looks like an unchanged default. Confirm those sources are really wanted.
printers: user files nis nisplus xfn