Re: pam_unix succeeds unexpectedly with libnss-ldapd

Christopher Price wrote:
> I am attempting to replace libnss-ldap with libnss-ldapd. I am running Ubuntu 
> 16.04 and controlling LDAP access via the pam_listfile module in 
> /etc/pam.d/common-account.
> /etc/pam.d/common-auth
> auth    required envfile=/etc/default/locale
> auth    sufficient nullok_secure
> auth    required use_first_pass
> /etc/pam.d/common-account
> account sufficient
> account required onerr=fail item=group sense=allow 
> file=/etc/
> account required

This works for me:

    auth required item=group sense=allow file=/etc/dovecot/dovecot-staff.master.groups onerr=fail
    @include common-auth
    @include common-account
    @include common-session

The most obvious thing I notice is that you're using pam_listfile in account, not auth. This is contrary to the pam_listfile manpage examples.
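
As an added illustration (not part of the original messages): a simplified Python model of how Linux-PAM control flags evaluate a stack shaped like the quoted common-account, where a `sufficient` entry precedes the `required` list check. The module names are placeholders because the archived text lost the real ones, and the pass/fail results are constructed.

```python
# Simplified model of Linux-PAM control-flag evaluation (added example).
# Module names are placeholders; per-module results are constructed.

def run_stack(stack, results):
    """Evaluate one PAM stack.

    stack   -- list of (control, module) in file order
    results -- dict: module -> True (PAM_SUCCESS) or False (failure)
    Returns (granted, modules_called).
    """
    required_failed = False
    any_success = False
    called = []
    for control, module in stack:
        called.append(module)
        ok = results[module]
        if control == "required":
            # A failure is remembered, but later modules still run.
            required_failed = required_failed or not ok
            any_success = any_success or ok
        elif control == "requisite":
            if not ok:
                return False, called      # fail immediately
            any_success = True
        elif control == "sufficient":
            if ok and not required_failed:
                return True, called       # success ends the stack here
            any_success = any_success or ok  # a failure is ignored
        elif control == "optional":
            any_success = any_success or ok
        else:
            raise ValueError("unknown control flag: " + control)
    return any_success and not required_failed, called

# Shape of the quoted common-account: sufficient, required (list check), required.
QUOTED = [("sufficient", "first_module"),
          ("required", "group_list_check"),
          ("required", "last_module")]
# Same entries with the list check moved ahead of the sufficient line.
REORDERED = [QUOTED[1], QUOTED[0], QUOTED[2]]

# Constructed case: the first module accepts a user who is not in an allowed group.
CASE = {"first_module": True, "group_list_check": False, "last_module": True}

if __name__ == "__main__":
    print("quoted   :", run_stack(QUOTED, CASE))
    print("reordered:", run_stack(REORDERED, CASE))
```

In the quoted order the list check is never called once the first entry succeeds; with the list check first, its failure is recorded and the later `sufficient` success cannot override it.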