Re: LDAP Client Configs

On Mon, Dec 02, 2002 at 11:40:47AM -0500, Ben Falls wrote:
> I am attempting to set up LDAP authentication on a LINUX box, the LDAP
> server is already set up and being used for Windows logins. I have gotten 
> the LINUX (RH 7.3) config so that it does connect to the LDAP server, 
> however, I still have a couple of issues.
> 1) It seems that I must have a local account on the LINUX box that matches 
> the LDAP account name. Is this normal?

No, it is not.  Typically you would also use nss_ldap to allow the
system to retrieve information about users and groups directly from the
directory, and skip having local accounts altogether.  To do so, add
"ldap" to the "passwd:", "group:", and "shadow:" lines in
/etc/nsswitch.conf, or (since you mention you're using RHL) enable "Use
LDAP" in the "User Information Configuration" screen in authconfig.

> 2) When I do connect, it does authenticate to LDAP, however if I change my 
> password at the command prompt, it changes it in the OS not in LDAP (except 
> for the very first login). At that point I can login using either my LDAP 
> or system password. Any ideas what I am doing wrong?

The default configuration of RHL isn't intended to do password
synchronization between local files and a directory -- generally you
read information about a given user from one source (files, NIS, hesiod,
LDAP) and authenticate that user using one data source (files/NIS, LDAP,
Kerberos).  You can mix user information sources and authentication
methods (for example, NIS with Kerberos, Hesiod with Kerberos, LDAP with
Kerberos, LDAP with LDAP, even NIS with LDAP, but I wouldn't expect that
last setup to be common).
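As an added example (not part of the original thread, and not code from nss_ldap or authconfig), here are the three nsswitch.conf lines the reply describes, together with a small shell check that confirms passwd, shadow and group each consult "ldap". The sample file is constructed and written to a temporary path so the script runs offline; on a real RHL 7.3 box the file is /etc/nsswitch.conf. The helper names, the "files ldap" ordering and the username jdoe are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: the nsswitch.conf edit the
# reply describes, written to a temp file so the check below runs offline.
# On the real system the target is /etc/nsswitch.conf.
NSSWITCH="${NSSWITCH:-$(mktemp)}"
cat > "$NSSWITCH" <<'EOF'
# Constructed sample: local files first, then the directory via nss_ldap.
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF

# nss_has_ldap DB FILE -> exit 0 if the first non-comment line for DB lists
# "ldap" as a source. "files" before "ldap" means a local /etc/passwd entry,
# if one exists, still wins; the point of the change is that it need not exist.
nss_has_ldap() {
    db="$1"; file="$2"
    line=$(grep -v '^[[:space:]]*#' "$file" | grep "^${db}:" | head -n 1)
    [ -n "$line" ] || return 1
    echo "$line" | cut -d: -f2- | tr -s '[:blank:]' '\n' | grep -qx 'ldap'
}

# check_nss FILE -> exit 0 only if passwd, shadow and group all consult ldap,
# which is what lets the system drop the matching local accounts entirely.
check_nss() {
    for db in passwd shadow group; do
        nss_has_ldap "$db" "$1" || { echo "nsswitch: $db does not list ldap" >&2; return 1; }
    done
    echo "nsswitch.conf: passwd/shadow/group all consult ldap"
}

check_nss "$NSSWITCH"

# On the real box, verify that a directory-only user resolves even though it
# has no local entry (the username jdoe is hypothetical):
#   getent passwd jdoe          # should print the entry served by nss_ldap
#   grep '^jdoe:' /etc/passwd   # should print nothing
```

If getent returns the user while /etc/passwd does not contain it, the local account that seemed required is no longer needed and can be removed; if getent returns nothing, the "ldap" entries are not being consulted and the nss_ldap side (not PAM) is what still needs attention.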



