I'm having difficulty getting this to work even in a basic case. I built and patched the PAM modules (pam-1.1.1), and copied the resulting pam-1.1.1/modules/pam_group/.libs/pam_group.so to /lib/security. Even after a reboot (if even necessary?), rules in /etc/security/group.conf continue to work as long as they don't reference LDAP groups. However, I can't get LDAP groups to work. I don't see any errors or warnings in /var/log/auth.log. What else can I do to debug?

I'm testing on a VM of Lucid 10.04 beta 2.

Here is a test group and user I set up in OpenLDAP:

dn: cn=testPAMGroup,ou=groups,dc=test,dc=ziesemer,dc=com
cn: testPAMGroup
gidnumber: 2001
memberuid: mark-test
objectclass: posixGroup
objectclass: top

dn: cn=mark-test,ou=people,dc=test,dc=ziesemer,dc=com
cn: mark-test
gidnumber: 2000
givenname: Mark
homedirectory: /home/users/
loginshell: /bin/sh
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Ziesemer
uid: mark-test
uidnumber: 10003

Line added to /etc/security/group.conf:

*; *; %testPAMGroup; Al0000-2400; cdrom, audio, video

Test:

$ sudo su - mark-test
No directory, logging in with HOME=/
$ id
uid=10003(mark-test) gid=2000(users) groups=2000(users),2001(testPAMGroup)

Note that the session doesn't have any of the additional groups, e.g. cdrom.

If I replace the line in group.conf with:

*; *; mark-test; Al0000-2400; cdrom, audio, video

$ sudo su - mark-test
No directory, logging in with HOME=/
$ id
uid=10003(mark-test) gid=2000(users) groups=24(cdrom),29(audio),44(video),2000(users),2001(testPAMGroup)
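An added debugging aid for the situation described in the post above; it is not part of the original post and not Linux-PAM's own code. It assumes that a "%group" entry in the users field of group.conf is checked against the system group database (NSS), which is where an LDAP group has to be visible, and it models that check against a constructed getent-style group listing so it can be run anywhere. The second function runs the real checks a practitioner would do on the box: which pam_group.so sits in /lib/security, whether the su PAM stack references pam_group at all, and whether NSS resolves the group. The service file names /etc/pam.d/su and /etc/pam.d/common-auth are assumptions about where the pam_group line lives.

```shell
#!/bin/sh
# Added example (not from the original post): model how a group.conf users
# field is matched, then run real-system checks for the usual causes of a
# %group rule silently not applying.

# Constructed stand-in for `getent group` output, i.e. what NSS (and hence a
# PAM module calling getgrnam) would see.  The LDAP group appears with its
# memberuid as a member; this is the condition a %group rule depends on.
GROUP_DB='cdrom:x:24:
audio:x:29:
video:x:44:
users:x:2000:
testPAMGroup:x:2001:mark-test'

# user_in_group USER GROUP [DB]: 0 if USER is listed as a member of GROUP in
# the group database DB (default: the constructed GROUP_DB), 1 otherwise.
# A group that NSS cannot resolve at all also yields 1, which is exactly the
# failure mode that makes a %group rule match nobody.
user_in_group() {
    user=$1; group=$2; db=${3:-$GROUP_DB}
    members=$(printf '%s\n' "$db" | awk -F: -v g="$group" '$1 == g { print $4 }')
    [ -n "$members" ] || return 1
    printf '%s\n' "$members" | tr ',' '\n' | grep -qx "$user"
}

# rule_applies USER FIELD [DB]: evaluate a single (non-logic-list) users
# field from group.conf.  "*" matches everyone, "%name" matches members of
# group "name" as NSS sees it, anything else is a literal user name.
rule_applies() {
    user=$1; field=$2; db=${3:-$GROUP_DB}
    case $field in
        '*') return 0 ;;
        %*)  user_in_group "$user" "${field#%}" "$db" ;;
        *)   [ "$field" = "$user" ] ;;
    esac
}

# pam_group_diag [GROUP]: real-system checks (paths from the post; the PAM
# service file names are assumptions).  Each check reports rather than
# aborts, so the function always returns 0.
pam_group_diag() {
    group=${1:-testPAMGroup}
    echo "== module file the PAM stack would load =="
    ls -l /lib/security/pam_group.so 2>/dev/null || echo "no /lib/security/pam_group.so"
    echo "== pam_group in the su stack =="
    grep -n pam_group /etc/pam.d/su /etc/pam.d/common-auth 2>/dev/null \
        || echo "pam_group not referenced in /etc/pam.d/su or common-auth"
    echo "== group visible through NSS =="
    getent group "$group" 2>/dev/null || echo "NSS cannot resolve group $group"
    return 0
}

# Demo against the constructed database: the %group rule applies to the
# LDAP member and to nobody else.
rule_applies mark-test '%testPAMGroup' && echo "rule applies to mark-test"
rule_applies someone-else '%testPAMGroup' || echo "rule does not apply to someone-else"
# On the affected machine, run: pam_group_diag testPAMGroup
```

The `id` output in the post already lists 2001(testPAMGroup) among the supplementary groups, and `id` gets that list through NSS, so group resolution itself is working there; that leaves the two other checks in `pam_group_diag` (is the copied pam_group.so the one the su stack actually loads, and is pam_group present in that stack at all) as the first things to confirm.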