Authentication and group/username resolving problem

Nalin Dahyabhai nalin at redhat.com
Thu Oct 21 17:48:58 UTC 2004


On Thu, Oct 21, 2004 at 10:37:22AM -0700, Mark wrote:
> I have LDAP set up to do userid, groupid and password handling for me.
> I added "ldap" to 3 categories in nsswitch: passwd, shadow and group
> Do I need to add LDAP to any others?
> 
> The problem I have is the following:
> I can log on with a user (for example bob) that is set up in the LDAP
> directory and does not exist locally.
> When bob logs in, there are error messages saying:
> id: cannot find name for user ID 20002
> id: cannot find name for group ID 20001
> id: cannot find name for group ID 20003
> id: cannot find name for group ID 20002
> id: cannot find name for group ID 20000
> 
> If bob does "finger bob" or "groups bob", it says no such user.
> 
> If root does "finger bob" or "groups bob", everything comes up fine.
>
> Is this a permission problem that prevents users other than root from using
> LDAP?

Nine times out of ten, this means that the permissions on
/etc/nsswitch.conf are set up so that root can read it but bob can't, so
applications which bob runs fall back to glibc's compiled-in defaults
for the settings which are stored in that file.

HTH,

Nalin
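
A check for the condition described in the reply above, as an added example that is not part of the original message: it reports whether the mode bits let any user read /etc/nsswitch.conf, including search permission on every parent directory. The function names are hypothetical, and only mode bits are examined (ACLs and SELinux are not).

```shell
#!/bin/sh
# Added example (not from the original message): explain why a non-root
# user might be unable to read a file such as /etc/nsswitch.conf.
# Assumption: only classic mode bits matter (ACLs/SELinux are ignored).

# Print the 10-character mode string, following symlinks, e.g. "-rw-r--r--".
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# check_world_readable FILE
# Returns 0 if "other" has read on FILE and search (x) on every parent
# directory up to /; otherwise prints each problem found and returns 1.
check_world_readable() {
    file=$1
    status=0
    mode=$(mode_string "$file")
    if [ -z "$mode" ]; then
        echo "MISSING: $file"
        return 1
    fi
    case $mode in
        ???????r??) ;;                      # 8th character is other-read
        *) echo "NOT WORLD-READABLE: $file ($mode)"; status=1 ;;
    esac
    dir=$(dirname "$file")
    while :; do
        dmode=$(mode_string "$dir")
        case $dmode in
            ?????????[xt]) ;;               # 10th character is other-search
            *) echo "NOT WORLD-SEARCHABLE: $dir ($dmode)"; status=1 ;;
        esac
        case $dir in /|.) break ;; esac     # stop at the root (or cwd)
        dir=$(dirname "$dir")
    done
    return $status
}

# Default target is the file named in the reply; pass another path as $1.
target=${1:-/etc/nsswitch.conf}
check_world_readable "$target" && echo "ok: any user can read $target"
```

If the script reports a problem for /etc/nsswitch.conf, the usual mode for that file is 0644 owned by root.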
