In my work world, everything is dominated by FreeBSD. I am trying to introduce Linux, as we are already using older versions of CentOS with Issabel+Asterisk PBX.
So in a test VM guest I installed Rocky Linux 10.1 [the hypervisor obviously is FreeBSD with bhyve] and everything worked out of the box.
What I am trying to do, and it is semi-broken, is to enable user authentication via our OpenLDAP with no SASL or any kind of encryption. Which means SSSD does not work, as far as I can tell from my tests.
So I am trying to enable OpenLDAP authentication via nss-pam-ldap and oddjob-mkhomedir.
I am able to log in; however, I had to disable SELinux, and the creation of home directories does not work.
Here are my configs so far:

/etc/nslcd.conf:
uid nslcd
gid ldap
uri ldap://ldap
base dc=SuperView
timelimit 30
idle_timelimit 30

/etc/nsswitch.conf:
passwd: files ldap systemd
shadow: files
group: files [SUCCESS=merge] systemd ldap
hosts: files dns myhostname
services: files
netgroup: files
automount: files
aliases: files
ethers: files
gshadow: files
networks: files dns
protocols: files
publickey: files
rpc: files

/etc/pam.d/password-auth:
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_ldap.so minimum_uid=1000 use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so minimum_uid=1000
password requisite pam_pwquality.so
password sufficient pam_unix.so yescrypt shadow nullok use_authtok
password sufficient pam_ldap.so minimum_uid=1000 try_first_pass
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session sufficient pam_ldap.so minimum_uid=1000
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

/etc/pam.d/system-auth:
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_ldap.so minimum_uid=1000 use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so
password requisite pam_pwquality.so
password sufficient pam_unix.so yescrypt shadow nullok use_authtok
password sufficient pam_ldap.so
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session sufficient pam_ldap.so minimum_uid=1000
session sufficient pam_mkhomedir.so skel=/etc/skel/ umask=0077

So when I try to ssh to it, it cannot change to /home/me: the file or directory does not exist. But it logs me in at /
su - me: same.
Please let me know if you need any logs.
I am not sure what I am missing here.
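
An added example, not part of the original post: a simplified model of Linux-PAM control-flag dispatch, run over the session lines posted above for /etc/pam.d/password-auth, to show which modules are actually reached. The per-module results passed to `walk` are assumptions (for instance that pam_ldap.so returns success in the session phase for an LDAP user), and `parse`/`walk` are hypothetical helper names.

```python
import re
# Session lines copied from the /etc/pam.d/password-auth listing in the post.
SESSION_STACK = """\
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session sufficient pam_ldap.so minimum_uid=1000
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
"""

# Keyword control flags as bracket actions (pam.conf(5), simplified).
KEYWORDS = {
    "required":   {"success": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok", "default": "ignore"},
}
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(text, mtype="session"):
    """Return [(module, {result: action})] for one management group."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != mtype:
            continue
        ctl = m.group(2)
        actions = dict(kv.split("=") for kv in ctl[1:-1].split()) if ctl[0] == "[" else KEYWORDS[ctl]
        stack.append((m.group(3), actions))
    return stack

def walk(stack, results):
    """Return (modules run, overall success); results holds assumed outcomes."""
    ran, failed, skip = [], False, 0
    for module, actions in stack:
        if skip:                      # module jumped over by a numeric action
            skip -= 1
            continue
        ran.append(module)
        outcome = results.get(module, "success")   # assumed unless overridden
        action = actions.get(outcome, actions["default"])
        if action.isdigit():
            skip = int(action)        # jump over the next N modules
        failed = failed or action in ("bad", "die")
        if action == "die" or (action == "done" and not failed):
            break                     # stack ends here; later modules never run
    return ran, not failed
```

With the assumed results for an sshd login by an LDAP user, `walk(parse(SESSION_STACK), {"pam_succeed_if.so": "fail"})` stops at pam_ldap.so, so pam_mkhomedir.so is never called.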