Re: samba/ldap/nss
Jamie Thompson wrote:
> Chris wrote:
>> OK - I've decided to look into using a Debian box as a PDC using a
>> combination of samba and openldap (this is on sid).
>>
>
> <snip>
> Yeah, I did this as well, though I stick to testing. Works nicely.
Hmm. Not going so well here.

In /etc/nsswitch.conf

    passwd: ldap compat
    group: ldap compat
    shadow: ldap compat

getent passwd | grep chris returns

    chris:x:1000:100:Chris Searle,,,:/home/chris:/bin/bash
    chris:x:1000:100:Chris Searle,,,:/home/chris:/bin/bash

pam.d/common-account contains

    account sufficient pam_ldap.so
    account required pam_unix.so

common-auth contains:

    auth sufficient pam_ldap.so
    auth required pam_unix.so nullok_secure

and common-password contains:

    password sufficient pam_ldap.so
    password required pam_unix.so nullok obscure min=4 max=8 md5

Now - if I remove my entry from /etc/passwd and then try to login I just
get returned to the login: prompt. Nothing appearing in auth.log.

The ldap entry for the user is present (as can be shown with getent) -
so - why can't I log in?

Some notes - this system originally used /etc/passwd and /etc/shadow.
The migration scripts that created the ldap entry did some kind of
merge. So - the ldap record looks like:

    # chris, People, home.chrissearle.org
    dn: uid=chris,ou=People,dc=home,dc=chrissearle,dc=org
    uid: chris
    cn: Chris Searle
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword: {crypt}<lots of chars here>
    shadowLastChange: 11970
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 1000
    gidNumber: 100
    homeDirectory: /home/chris
    gecos: Chris Searle,,,

What have I added to ldap - well - the dc=home,dc=chrissearle,dc=org
organisation, the ou People and this user. Nothing else as yet.

Any ideas as to why I can't login?

--
Chris Searle
chris@chrissearle.org http://www.chrissearle.org
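
Added illustration, not part of the original message: a simplified Python model of how Linux-PAM combines the `sufficient` and `required` control flags for the common-auth stack quoted above. The per-module outcomes are inputs assumed by the caller; the sketch does not contact LDAP or PAM, does not diagnose the poster's system, and ignores bracketed controls and `optional` modules.

```python
# Added illustration: simplified model of Linux-PAM control flags.
# Module results are assumed inputs; nothing here talks to LDAP or PAM.

# The common-auth stack quoted in the post above.
COMMON_AUTH = """\
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure
"""

def parse_stack(text):
    """Parse 'type control module [args]' lines into tuples."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mtype, control, module, *args = line.split()
            stack.append((mtype, control, module, args))
    return stack

def evaluate(stack, outcomes):
    """Return (granted, modules_consulted) for {module: succeeded} outcomes.

    Simplifications: only the keyword controls are modelled, and
    'optional' results are ignored.
    """
    consulted, required_failed, required_ok = [], False, False
    for _mtype, control, module, _args in stack:
        ok = outcomes[module]
        consulted.append(module)
        if control == "sufficient":
            # Success ends the stack early unless a required module
            # already failed; failure of a sufficient module is ignored.
            if ok and not required_failed:
                return True, consulted
        elif control in ("required", "requisite"):
            if ok:
                required_ok = True
            else:
                required_failed = True
                if control == "requisite":
                    break  # a requisite failure stops the stack at once
    return required_ok and not required_failed, consulted

if __name__ == "__main__":
    stack = parse_stack(COMMON_AUTH)
    for ldap_ok in (True, False):
        for unix_ok in (True, False):
            r = evaluate(stack, {"pam_ldap.so": ldap_ok, "pam_unix.so": unix_ok})
            print(f"pam_ldap={ldap_ok} pam_unix={unix_ok} -> {r}")
```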