RSS feed

pam_unix succeeds unexpectedly with libnss-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

pam_unix succeeds unexpectedly with libnss-ldapd

I am attempting to replace libnss-ldap with libnss-ldapd. I am running Ubuntu 16.04 and controlling LDAP access via the pam_listfile module in /etc/pam.d/common-account.


auth    required envfile=/etc/default/locale
auth    sufficient nullok_secure
auth    required use_first_pass


account sufficient

account required _onerr_=fail item=group sense=allow file=/etc/

account required

This works fine with libnss-ldap. When I switch to libnss-ldapd, LDAP users who are not part of a group listed in are able to login via SSH. I have narrowed the problem down to specifically the pam_unix module in common-account. Note that the pam_unix in common-auth does NOT succeed.

What am I doing wrong here?

To unsubscribe send an email to or see