openldap trouble

Yang Xiao yxiao2004 at gmail.com
Wed Oct 26 14:08:07 UTC 2005


Hi all,
I'm running openldap-2.2.23-5 on FC4 with nss_ldap. I was able to start the
server and populate the db using smbldap-tool; ldapsearch works and
smbldap-useradd works, but I can't seem to get the name service switch to work. I tried
both "files ldap" and "compat ldap" for passwd/shadow/group. PAM system-auth
seems to be OK.
I think I should be able to see the ldap users when I do "getent passwd",
but this only shows the passwd file content.
please help!
 Many thanks!
 - Yang
 #system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# auth stack: local accounts (pam_unix) are tried first, then the directory
# (pam_ldap); pam_deny rejects anything neither module accepted.
auth required /lib/security/$ISA/pam_env.so
# NOTE(review): nullok lets a local account with an empty password field
# authenticate; drop it unless blank passwords are intended.
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
# use_first_pass: pam_ldap reuses the password already collected by pam_unix
# instead of prompting a second time.
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

# account stack: an account with uid below 100 that passes pam_unix satisfies
# the "sufficient" rule and never reaches the LDAP account check.
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
# The next two lines form one rule (control field, then module path),
# presumably wrapped by the mail client; in the real file they must be on a
# single line. user_unknown=ignore keeps pam_ldap from failing users that
# exist only in the local files.
account [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so

# password stack: pam_cracklib vets the new password, then pam_unix (local
# files) or pam_ldap (directory) stores it.
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
# "shadow" on the line after this rule belongs to it (same wrapping as above).
# NOTE(review): md5 selects MD5-crypt for local hashes, which is cheap to
# brute-force offline by current standards; prefer a stronger scheme where the
# installed pam_unix offers one.
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

# session stack: pam_ldap is "optional", so a directory failure here does not
# block the login.
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so

#NSSWITCH

# "compat" reads the local files and honours +/- entries in them; "ldap"
# (nss_ldap) is then consulted as a second source for the same map.
passwd: compat ldap
group: compat ldap

hosts: files dns
networks: files dns

# These maps also fall through to the directory after the local files.
services: files ldap
protocols: files ldap
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files

bootparams: files
automount: files ldap
aliases: files

# NOTE(review): serving shadow from LDAP means password hashes are readable by
# whatever identity nss_ldap binds as; confirm the directory ACLs restrict
# userPassword to the privileged bind DN.
shadow: compat ldap

#/etc/ldap.conf

# NOTE(review): the "<http://127.0.0.1/>" suffix looks like a mail-client
# autolink rather than file content; confirm the real line is just
# "host 127.0.0.1".
host 127.0.0.1 <http://127.0.0.1/>
# Search base for lookups (domain presumably redacted by the poster).
base dc=xxx,dc=com
# rootbinddn is the identity nss_ldap/pam_ldap bind as when the caller runs as
# root; its password is
# stored in /etc/ldap.secret (mode 600)
# NOTE(review): no binddn/bindpw is shown here, so lookups by non-root users
# presumably bind anonymously; "getent passwd" run as an ordinary user then
# depends on the server allowing anonymous reads of the entries below. Keep
# the rootbinddn account read-only unless it must write.
rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com

# Per-map search bases; "?one" limits each search to one level below the base.
nss_base_passwd ou=Users,dc=xxx,dc=com?one
nss_base_passwd ou=Computers,dc=xxx,dc=com?one
nss_base_shadow ou=Users,dc=xxx,dc=com?one
nss_base_group ou=Groups,dc=xxx,dc=com?one

# pam_ldap hashes a changed password on the client with MD5 before writing it.
# NOTE(review): consider the exop mode so the server applies its own hashing
# scheme; confirm the server supports it.
pam_password md5
# No TLS: bind credentials and lookups travel in cleartext. Tolerable only
# while "host" is the loopback address; switch to "ssl start_tls" or "ssl on"
# before pointing this at a remote server.
ssl no