Wuhai’s Weblog

May 25, 2009

Solaris 10 ldapclient and Centos5 openldap-2.3.27-5

Filed under: LDAP, Solaris — wuhai @ 10:27 pm

ldapclient -v manual \
  -a credentialLevel=anonymous \
  -a defaultsearchbase='dc=y,dc=com' \
  -a defaultServerList=ldapvip,ldap1,ldap2 \
  -a 'serviceSearchDescriptor=passwd:ou=users,dc=y,dc=com?sub' \
  -a serviceSearchDescriptor=group:ou=Group,dc=y,dc=com \
  -a 'serviceSearchDescriptor=netgroup:ou=Netgroups,dc=y,dc=com?sub' \
  -a serviceAuthenticationMethod=pam_ldap:simple

Copy pam.conf file over

scp /usr/lib/security/*mkhome*:

# ls -l /usr/lib/security/*mkhome*
lrwxrwxrwx 1 root root 36 Apr 23 2008 /usr/lib/security/pam_mkhomedir.so -> /usr/lib/security/pam_mkhomedir.so.1
-rwxr-xr-x 1 root root 12844 Apr 28 2008 /usr/lib/security/pam_mkhomedir.so.1

It seems pam_mkhomedir was compiled from: http://www.keutel.de/pam_mkhomedir/

cat /etc/pam.conf:

#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
#other account binding pam_unix_account.so.1 server_policy
other account sufficient pam_unix_account.so.1
other account required pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
other session optional pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022

#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
krsh auth required pam_unix_cred.so.1
krsh auth required pam_krb5.so.1
ktelnet auth required pam_unix_cred.so.1
ktelnet auth required pam_krb5.so.1
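
How the control flags in the pam.conf above decide which modules run, as an added example that is not part of the original post: a small Python model of the pam.conf(4) flag rules, applied to the "other account" lines from this file. The function names (parse, evaluate) and the module results fed in are constructed for illustration and say nothing about what the real modules return on a given host.

```python
# Added example: a model of the Solaris pam.conf(4) control flags.
# Module results ("ok", "fail", "ignore") are constructed inputs, not real module output.

# The "other account" lines from the pam.conf above.
PAM_CONF = """\
other account requisite pam_roles.so.1
#other account binding pam_unix_account.so.1 server_policy
other account sufficient pam_unix_account.so.1
other account required pam_ldap.so.1
"""

def parse(text, service, mtype):
    """Return [(control_flag, module), ...] for one service and module type."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 4 and fields[0] == service and fields[1] == mtype:
            stack.append((fields[2], fields[3]))
    return stack

def evaluate(stack, results):
    """Walk a stack top to bottom; return (verdict, modules that were called)."""
    called, required_failed, succeeded = [], False, False
    for flag, module in stack:
        called.append(module)
        res = results.get(module, "ignore")
        if res == "ok":
            # binding/sufficient success ends the stack if nothing required failed
            if flag in ("binding", "sufficient") and not required_failed:
                return "success", called
            succeeded = True
        elif res == "fail":
            if flag == "requisite":
                return "failure", called      # stop immediately
            if flag in ("required", "binding"):
                required_failed = True        # remember, keep going
            # sufficient: failure ignored; optional: only matters if nothing succeeds
    return ("success" if succeeded and not required_failed else "failure"), called

if __name__ == "__main__":
    stack = parse(PAM_CONF, "other", "account")
    for unix in ("ok", "fail"):
        r = {"pam_roles.so.1": "ok", "pam_unix_account.so.1": unix, "pam_ldap.so.1": "ok"}
        print(unix, evaluate(stack, r))
```

With the active `sufficient` line, a successful pam_unix_account.so.1 ends the account stack before pam_ldap.so.1 is called and a failing one is ignored; with the commented-out `binding` line, a failure would count as a required failure.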
