Skip navigation


This screencast continues on with the ldap server we setup in the previous screencast, but this time we will configure another server ( to authenticate its users against our LDAP. This is a concept known as centralised user authentication, where by we can store all our users and their credentials on one server. The screencast is basically a walk through of the changes that need to be made to PAM (pluggable authentication modules) which Linux uses to determine how users should be authenticated when logging in.

I have to apologise for the screw up at the end. I had changed my example users password and forgotten about it until I came to do the screencast, hopefully you’ll get the idea.

Note: If you haven’t come across PAM before it is advisable to have a quick skim though this very good introduction before trying to configure PAM.


apt-get install libpam-ldap nscd

cd /etc/
emacs nsswitch.conf
  passwd: ldap compat
  group:  ldap compat
  shadow: ldap compat

cd /etc/pam.d/
edit each of the following files...
* common-auth
  (edit)   auth [success=1 default=ignore] nullok_secure
  (add)    auth required use_first_pass
  (add)    auth required

* common-account
  (edit) account sufficient
  (add)  account required

* common-session
  (add) session required skel=/etc/skel/ umask=0022

* common-password
  (edit) password sufficient nullok obscure md5
  (add)  password required

invoke-rc.d nscd restart


 Subscribe in a reader



  1. Thanks for the helpful videos, i do hope that you can make some other for tunneling in ubuntu, and openvpn


    • No problem, thanks for watching, I’m glad I could be of some help.

      I had planned to cover OpenVPN (or possibly OpenS/WAN which I’ve used for a company before) but not for some time unfortunatly. I will be covering OpenLDAP + TLS before the end of the weekend, and then delving into integrating Kerberos for user authentication.

      Hopefully I find time to keep doing these videos as I enjoy learning about the software while I’m putting them together but I have been quite busy recently. Thanks again for the feed back.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: