sudo and LDAP

ACM Staff acmstaff at gmail.com
Mon Jul 3 19:20:59 UTC 2006


Ok, so its working but I realized a slight problem today when went
back to check on things. Its not prompting for a password.

Sudoers isn't on NOPASSWD so I am assuming its my pam.d/sudo file.
What am I missing?

risk# cat /etc/pam.d/sudo
#
# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
#
# PAM configuration for the "su" service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            sufficient      /usr/local/lib/pam_ldap.so no_warn
auth            requisite       pam_group.so            no_warn
group=wheel root_only fail_safe
auth            include         system

# account
account         sufficient      /usr/local/lib/pam_ldap.so no_warn
account         include         system

# session
session         sufficient      /usr/local/lib/pam_ldap.so no_warn
session         required        pam_permit.so

Thanks
Jim

On 7/2/06, Dan Nelson <dnelson at allantgroup.com> wrote:
> In the last episode (Jul 02), ACM Staff said:
> > Ok, so I am running a box with 6.0-STABLE
> >
> > Problem is I can't get sudo working for my LDAP based users. I
> > compiled sudo from the ports tree with LDAP support.  Here is some
> > output
> >
> > as a user:
> >
> > notroot at risk:~$ id notroot
> > uid=2018(notroot) gid=200(acm) groups=200(acm), 203(officers),
> > 201(staff), 204(staffers)
> > notroot at risk:~$ sudo ls
> > Password:
> > Sorry, try again.
>
> Have you created a pam.d/sudo file, or edited your pam.d/other file to
> include pam_ldap.so?  I recommend copying the pam.d/su file, then
> editing pam.d/system to include pam_ldap.so.
>
> --
>         Dan Nelson
>         dnelson at allantgroup.com
>


More information about the freebsd-questions mailing list