[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Authentication and group/username resolving problem



On Thu, Oct 21, 2004 at 10:37:22AM -0700, Mark wrote:
> I have LDAP setup to do userid, groupid and password handling for me.
> I added "ldap" to 3 categories in nsswitch: passwd, shadow and group
> Do I need to add LDAP to any others?
> 
> The problem I have is the following:
> I can logon with a user (for example bob) that is setup in the LDAP
> directory and does not exist locally.
> When bob logs in, there is are error messages saying :
> id: cannot find name for user ID 20002
> id: cannot find name for group ID 20001
> id: cannot find name for group ID 20003
> id: cannot find name for group ID 20002
> id: cannot find name for group ID 20000
> 
> If bob does "finger bob" or "groups bob", it says no such user.
> 
> If root does "finger bob" or "groups bob", everything comes up fine.
>
> Is this a permission problem that prevents users other than root to use
> LDAP?

Nine times out of ten, this means that the permissions on
/etc/nsswitch.conf are set up so that root can read it but bob can't, so
applications which bob runs fall back to glibc's compiled-in defaults
for the settings which are stored in that file.

HTH,

Nalin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]