Re: samba/ldap/nss
Jamie Thompson wrote:
> Have you tested that the authentication for PAM is working correctly?
> Try logging in using whatever auth you are using for it and check it can
> read the entries it needs. libnss-ldap and pam_ldap have different
Did this. ldapsearch with a bind of
uid=chris,ou=people,dc=longship,dc=org searching ou=people for uid=chris
shows me (including userPassword - which is configured in slapd only
viewable for owner and admin).
> My files are:
>
> common-password:
> password sufficient pam_ldap.so ignore_unknown_user
> password required pam_unix.so try_first_pass nullok obscure min=4 max=8 md5
>
> common-auth:
> auth sufficient pam_ldap.so
> auth required pam_unix.so use_first_pass nullok_secure
>
> common-account:
> account sufficient pam_ldap.so
> account required pam_unix.so use_first_pass
>
> common-session:
> session required pam_unix.so
Copied this lot. Did a dpkg-reconfigure of libpam-ldap (keeping any
config - no changes) and now login works :) Getting closer :) Seems to
have solved the requirement on double password prompts too - that
use_first_pass is a useful one.
But - sudo complains
sudo: uid 1000 does not exist in the passwd file!
/etc/pam.d/sudo shows
@include common-auth
@include common-account
so that should be able to go via ldap - since it goes via the common files?
user chris is in the sudoers file with NOPASSWD access for shutdown and
reboot commands.
So - how to get sudo to play fair?
Am still trying to decide what should go in ldap (in terms of system
users and any groups) - but at least login is working :)
Until I've got login etc working just fine I'm going to wait with samba
config - one issue at a time methinks :)
--
Chris