sudo and LDAP
ACM Staff
acmstaff at gmail.com
Mon Jul 3 19:20:59 UTC 2006
Ok, so its working but I realized a slight problem today when went
back to check on things. Its not prompting for a password.
Sudoers isn't on NOPASSWD so I am assuming its my pam.d/sudo file.
What am I missing?
risk# cat /etc/pam.d/sudo
#
# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
#
# PAM configuration for the "su" service
#
# auth
auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth requisite pam_group.so no_warn
group=wheel root_only fail_safe
auth include system
# account
account sufficient /usr/local/lib/pam_ldap.so no_warn
account include system
# session
session sufficient /usr/local/lib/pam_ldap.so no_warn
session required pam_permit.so
Thanks
Jim
On 7/2/06, Dan Nelson <dnelson at allantgroup.com> wrote:
> In the last episode (Jul 02), ACM Staff said:
> > Ok, so I am running a box with 6.0-STABLE
> >
> > Problem is I can't get sudo working for my LDAP based users. I
> > compiled sudo from the ports tree with LDAP support. Here is some
> > output
> >
> > as a user:
> >
> > notroot at risk:~$ id notroot
> > uid=2018(notroot) gid=200(acm) groups=200(acm), 203(officers),
> > 201(staff), 204(staffers)
> > notroot at risk:~$ sudo ls
> > Password:
> > Sorry, try again.
>
> Have you created a pam.d/sudo file, or edited your pam.d/other file to
> include pam_ldap.so? I recommend copying the pam.d/su file, then
> editing pam.d/system to include pam_ldap.so.
>
> --
> Dan Nelson
> dnelson at allantgroup.com
>
More information about the freebsd-questions
mailing list