<div dir="ltr"><div>This is how we set up our tac_plus with libpam_ldap on Ubuntu</div><div><br></div><div># sudo apt-get install build-essential libpam0g-dev gcc flex bison libwrap0-dev libpam-ldap<br></div><div># (compile tac_plus and it should find pam libraries)</div>

<div><br></div><div># cat /etc/pam.d/tac_plus </div><div>auth   sufficient        pam_ldap.so</div><div><br></div><div># cat /etc/tacacs.conf</div><div>....</div><div class="gmail_extra"><div class="gmail_extra">user = foo {</div>

<div class="gmail_extra">        login = PAM</div><div class="gmail_extra">        member = bar</div><div class="gmail_extra">}</div><div>...</div><div><br></div><div># cat /etc/ldap.conf</div><div><div>base ou=People,dc=example,dc=com</div>

<div>uri  ldaps://192.168.1.10:1636 ldaps://192.168.1.11:1636</div><div>ldap_version 3</div><div>binddn uid=mybinduid,ou=people,dc=example,dc=com</div>

<div>bindpw secret</div><div>pam_password crypt</div><div>nss_initgroups_ignoreusers Gaxfrdns,Gdnscache,Gdnslog,Gtinydns,avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hobbit,hplip,irc,kernoops,landscape,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data</div>

</div><div><br></div><div><div># cat /etc/ldap/ldap.conf </div><div>TLS_CACERT<span class="" style="white-space:pre">        </span>/etc/ssl/certs/company.cer</div><div>TLS_REQCERT never</div></div><div><br></div><div><br></div>

<div>Hopefully I did not miss anything.</div><div><br></div><div><br></div><br><div class="gmail_quote">On Sun, Aug 4, 2013 at 12:28 PM, heasley <span dir="ltr">&lt;<a href="mailto:heas@shrubbery.net" target="_blank">heas@shrubbery.net</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">If you&#39;re a user of tac_plus on linux with pam, I&#39;d like to see your pam<br>


configuration to add to documentation to help others.  I do not use linux<br>
or ldap, but others request configuration help often.  TIA.<br></blockquote><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


</blockquote></div><br><br clear="all"><div><br></div>-- <br>Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>

Q: Why is top-posting such a bad thing?<br><br>
</div></div>
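Added example, not part of the original message or of tac_plus: a small audit of the two LDAP client files shown above that flags `TLS_REQCERT never` (with it, the `ldaps://` server certificate is never checked, so the PAM password can be sent to an impostor), plain `ldap://` URIs, and a `bindpw` kept in a group- or world-readable file. The function names and the 0644 file mode in the sample run are assumptions; the message does not show file permissions.

```python
import os
import stat

# Constructed samples that mirror the two client files shown in the message.
PAM_LDAP_CONF = """\
base ou=People,dc=example,dc=com
uri  ldaps://192.168.1.10:1636 ldaps://192.168.1.11:1636
binddn uid=mybinduid,ou=people,dc=example,dc=com
bindpw secret
"""
OPENLDAP_CONF = "TLS_CACERT\t/etc/ssl/certs/company.cer\nTLS_REQCERT never\n"


def parse(text):
    """Map lowercased option name -> value; option names are case-insensitive."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def audit(text, mode=None):
    """Return findings for one file; mode is its st_mode when known."""
    cfg, findings = parse(text), []
    reqcert = cfg.get("tls_reqcert", "").lower()
    if reqcert in ("never", "allow"):
        # With these values a bad or missing server certificate is accepted.
        findings.append("TLS_REQCERT %s: server certificate not enforced" % reqcert)
    for uri in cfg.get("uri", "").split():
        if uri.lower().startswith("ldap://"):
            findings.append("%s: cleartext unless StartTLS is configured" % uri)
    if "bindpw" in cfg and mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw is in a file readable by group or other")
    return findings


def audit_file(path):
    """Audit a file on disk, using its real permission bits."""
    with open(path) as handle:
        return audit(handle.read(), os.stat(path).st_mode)


if __name__ == "__main__":
    # Assumed mode 0644 for both constructed samples.
    for name, text in (("/etc/ldap.conf", PAM_LDAP_CONF),
                       ("/etc/ldap/ldap.conf", OPENLDAP_CONF)):
        for finding in audit(text, 0o100644):
            print("%s: %s" % (name, finding))
```

On a real host, call `audit_file("/etc/ldap.conf")` and `audit_file("/etc/ldap/ldap.conf")`; setting `TLS_REQCERT demand` with the `TLS_CACERT` already configured clears the first finding.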