Re: trouble with pam-ldap
OK, as per the suggestions given, I've changed my pam config files to read:
/etc/pam.d/common-account:
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
/etc/pam.d/common-auth:
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass
/etc/pam.d/common-session:
session sufficient pam_ldap.so
session required pam_unix.so try_first_pass
/etc/pam.d/common-password:
password sufficient pam_ldap.so
password sufficient pam_unix.so try_first_pass nullok obscure min=4 max=8 md5
Also, I modified nsswitch.conf to read:
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Now I can log in as jeremy.brown (although my home directory doesn't
exist on this machine), but once logged in my user name becomes "I have
no name!":
login as: jeremy.brown
Password:
Last login: Wed Oct 13 10:44:16 2004 from 172.28.2.124
Could not chdir to home directory /home/jeremy.brown: No such file or directory
I have no name!@file2:/$
Again, here are entries written to "/var/log/auth.log" while I'm logging in:
Oct 13 10:44:45 localhost sshd[3531]: Accepted keyboard-interactive/pam for jeremy.brown from ::ffff:172.28.2.124 port 1291 ssh2
Oct 13 10:44:45 localhost sshd[3531]: nss_ldap: reconnecting to LDAP server...
Oct 13 10:44:45 localhost sshd[3531]: nss_ldap: reconnected to LDAP server after 1 attempt(s)
I thought maybe this was a problem with my LDAP structure, but oddly
enough I can chown a file to "jeremy.brown", and it works:
file2:/tmp# touch testfile
file2:/tmp# ls -l testfile
-rw-r--r-- 1 root root 0 Oct 13 10:48 testfile
file2:/tmp# chown jeremy.brown testfile
file2:/tmp# ls -l testfile
-rw-r--r-- 1 jeremy.brown root 0 Oct 13 10:48 testfile
file2:/tmp# chown fake.user testfile
chown: `fake.user': invalid user
To me this indicates that nss_ldap is working. So why can't bash figure
out my username when I log in?
Thanks in advance,
Jeremy
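
An added example, not part of the original message: the chown test above exercises the name-to-uid lookup (getpwnam) as root, while "I have no name!" is what bash prints when the uid-to-name lookup (getpwuid) for its own uid fails. This Python script checks both directions; the function names are hypothetical, and it is meant to be run as the affected user as well as root, because NSS modules are loaded into the calling process.

```python
import os
import pwd
import sys


def check_account(name, by_name=pwd.getpwnam, by_uid=pwd.getpwuid):
    """Check the forward and reverse passwd lookups for one account name.

    Returns (status, detail); status is one of
    "ok", "no-forward", "no-reverse", "mismatch".
    """
    try:
        entry = by_name(name)        # direction used by `chown name file`
    except KeyError:
        return ("no-forward", f"{name}: name -> uid lookup failed")
    try:
        back = by_uid(entry.pw_uid)  # direction used by the prompt, id, ls -l
    except KeyError:
        return ("no-reverse", f"uid {entry.pw_uid}: uid -> name lookup failed")
    if back.pw_name != name:
        return ("mismatch", f"uid {entry.pw_uid} maps back to {back.pw_name}")
    return ("ok", f"{name} <-> uid {entry.pw_uid}")


def check_self(by_uid=pwd.getpwuid, uid=None):
    """Resolve the caller's own uid, as a login shell does at startup."""
    uid = os.getuid() if uid is None else uid
    try:
        return ("ok", by_uid(uid).pw_name)
    except KeyError:
        return ("no-reverse", f"uid {uid} has no passwd entry visible here")


if __name__ == "__main__":
    # Usage: python3 nsscheck.py jeremy.brown   (run as root, then as the user)
    print("self:", check_self())
    for account in sys.argv[1:]:
        print(account, check_account(account))
```

A "no-reverse" result for the logged-in user where root gets "ok" means the LDAP lookup depends on something only root can use.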