如果AD认证不通过则使用linux系统认证。
/etc/ldap.conf:
# pam_ldap client settings: authenticate mail users against an Active Directory
# domain controller over LDAP.
# NOTE(review): this file stores a bind credential in cleartext. Restrict read
# access as far as the services using it allow, and make sure the bind account
# is a dedicated, low-privilege, read-only account -- confirm both.
host 192.168.1.1
base dc=mycompany,dc=local
# Service account used to bind to the directory before looking up the login user.
binddn ldap@mycompany.local
bindpw Thisisaveryhardpassword
ldap_version 3
port 389
# Only match AD user objects, and look them up by sAMAccountName.
pam_filter objectclass=User
pam_login_attribute sAMAccountName
# Use the Active Directory method when a password change goes through pam_ldap.
pam_password ad
# NOTE(review): with "ssl no" on port 389 the bind password above and every
# user's password travel to the directory server unencrypted. Prefer
# "ssl start_tls" (or "ssl on" with port 636) together with tls_cacertfile and
# "tls_checkpeer yes" once the domain controller presents a certificate.
ssl no
/etc/pam.d/dovecot:
#%PAM-1.0
# PAM stack for the dovecot service: try AD via pam_ldap first, then fall back
# to the local system-auth stack.
# pam_nologin refuses non-root logins while /etc/nologin exists.
auth required pam_nologin.so
# "sufficient": if pam_ldap succeeds (and no earlier required module failed) the
# auth stack ends here; if it fails, evaluation continues with system-auth.
auth sufficient pam_ldap.so
auth required pam_stack.so service=system-auth
# NOTE(review): account checks are short-circuited the same way, so restrictions
# configured only in system-auth are not evaluated for users pam_ldap accepts.
# NOTE(review): because of the fallback, local Linux accounts can also log in to
# mail with their system password, which exposes those passwords to guessing on
# this service -- confirm that is intended.
account sufficient pam_ldap.so
account required pam_stack.so service=system-auth
# pam_stack.so is the older Red Hat way to pull in another service's stack;
# newer PAM releases use "include" instead -- check what this system ships.
session required pam_stack.so service=system-auth
/etc/pam.d/smtp:
#%PAM-1.0
# PAM stack for the smtp service (presumably reached through saslauthd with
# MECH=pam -- verify the service name the MTA passes): AD via pam_ldap first,
# then the local system-auth stack.
# "sufficient": a pam_ldap success ends the stack; a failure falls through to
# system-auth, so local Linux accounts can authenticate for SMTP as well.
auth sufficient pam_ldap.so
auth required pam_stack.so service=system-auth
# NOTE(review): unlike the dovecot stack shown on this page, there is no
# pam_nologin line here.
# NOTE(review): repeated failed SMTP AUTH attempts are forwarded to AD and may
# count toward the domain's account-lockout policy -- consider rate limiting in
# the MTA.
account sufficient pam_ldap.so
account required pam_stack.so service=system-auth
/etc/sysconfig/saslauthd:
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
# NOTE(review): clients hand plaintext passwords to saslauthd through this
# socket, so the directory should be accessible only to the services that need
# it -- confirm ownership and mode.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
#MECH=shadow
# "pam" makes saslauthd pass each password check to the PAM stack of the
# requesting service instead of reading the shadow file directly.
# NOTE(review): saslauthd needs the cleartext password, so only PLAIN/LOGIN
# style mechanisms work; the client connection should be protected with TLS.
MECH=pam
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=
参考:
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-pam-modules.html