Guix AD authentication trough nscld and pam

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Guix AD authentication trough nscld and pam

From:	Razvan Lixandru
Subject:	Guix AD authentication trough nscld and pam
Date:	Thu, 7 Dec 2023 18:34:42 +0200

Hey Guixers!

I'm trying to setup a machine where AD users can login without the
machine being joined to the domain.

I came up with the configuration here:
https://pastebin.pl/view/a7d13796

LDAP seems to connect fine and actually finds my test user, however
login daemon disagrees:

login[1496]: User not known to the underlying authentication module

Looking at /etc/pam.d/login:
account sufficient
/gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
account required pam_unix.so
auth sufficient
/gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
auth required pam_unix.so nullok
password required pam_unix.so sha512 shadow
session required
/gnu/store/lq8kisg6g9fif780mn20n7gaknpzm1dq-elogind-252.9/lib/security/pam_elogind.so
session sufficient
/gnu/store/xcbb7yjr85zfsrssd7b8mr33aa6iv1wl-nss-pam-ldapd-0.9.12/lib/security/pam_ldap.so
session optional pam_motd.so
motd=/gnu/store/mrk0km6gqw4zn20az2bqidvajps7yy93-motd
session required pam_loginuid.so
session required pam_env.so
session required pam_unix.so

I do notice password does not check ldap.

Does anyone have a working configuration I can look at?

Thanks,
Razvan

[Prev in Thread]

Current Thread

[Next in Thread]

Guix AD authentication trough nscld and pam, Razvan Lixandru <=

Prev by Date: Why bash-minimal is part of sbcl package
Next by Date: Re: Why does sbcl@2.3.7 depends on bash-minimal@5.1.16
Previous by thread: Why bash-minimal is part of sbcl package
Next by thread: Cannot run Docker container
Index(es):
- Date
- Thread