bareos 18.2.5 webui pam_ldap authentication

295 views
Skip to first unread message

Tam Angustia

unread,
May 1, 2019, 11:04:05 AM5/1/19
to bareos-users
Has anyone implemented an ldap authentication on the latest stable release of bareos (18.2.5)?
If so, would you mind sharing the details on how you were able to implement it?

I have tested it but it seems that it doesnt work, 18.2.5 bareos only works with pam_unix.so.

I am trying to approach how to automate creating tenants thats why im exploring this concept.

I will either test out a php-pam reset password or explore further the ldap one.

Hopefully will update this post as well

Frank Ueberschar

unread,
May 2, 2019, 3:07:06 AM5/2/19
to bareos...@googlegroups.com
Would you mind to share details about your implementation where it fails
(logfiles from the director, etc.)?


Am 01.05.19 um 17:04 schrieb Tam Angustia:
--
Mit freundlichen Grüßen

Frank Ueberschar frank.ue...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 63 06 93-88
http://www.bareos.com Fax: +49 221 63 06 93-10

Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Geschäftsführer: Stephan Dühr, M. Außendorf, J. Steffens, P. Storz

Tam Angustia

unread,
Jul 9, 2019, 3:53:24 AM7/9/19
to bareos-users
Hi Frank, I got it working with just affixing
" auth required pam_unix.so"
on the /etc/pam.d/bareos file

Ive also come to realize that any account on the ldap server can login even if our ldap server has whitelists on specific machines, nor console users written on the console directory under bareos-dir.d

A few things to note:

first, in order to test the local machine users,
I included bareos on the root group, modified /etc/shadows to 400, as this was currently 000 then tested a local user created on the machine with restricted ACLs.

This has worked without errors.

However, upon registering the machine to our ldap server, ordinary users, even without configuring on the console to be included, were able to login using their ldap accounts.

Even if I enrolled the user as console users to bareos and restricting ACL controls, still, full admin privileges are automatically given.

Message has been deleted

Tam Angustia

unread,
Jul 9, 2019, 7:00:23 AM7/9/19
to bareos-users
Edit.

Was able to get the local users to authenticate but not with ldap users. It seems i misconfigured something on the directors.ini so it allowed anything to login

Now Im determining on what modules to add on the /etc/pam.d/bareos file to finally allow ldap authentication

Tam Angustia

unread,
Jul 11, 2019, 11:46:39 PM7/11/19
to bareos-users
I got it working, and if anyone might be insterested.

I just used the sss module of pam since it was the one that handles authentication through our ldap server.

just affix this on your /etc/pam.d/bareos

"auth required pam_sss.so"

Reply all
Reply to author
Forward
0 new messages