Rob Owens wrote: > Currently my system seems to be working fine except that I can't su or > sudo from my regular user. I can log in as root. My users are all LDAP > authenticated. First, I don't know. But it does seem like there might be an LDAP interaction with sudo. Are you using "sudo-ldap" package for sudoers in ldap too? Or just sudo? > So maybe I just talked myself out of believing this is a a pam > problem... Check 'getent passwd USERNAME' and 'getent group GROUPNAME' to verify that your accounts are getting looked up okay. (Just brainstorming ideas.) > Back to LDAP. I saw some reference to unscd as a possible replacement > for nscd. I doubt LDAP is my real problem here, because local logins > and ssh password logins work find. I have had problems with nscd before. It tends to reorder entries in a non-traditional way. The file order is not preserved. It can therefore produce different results than when not using it. I consider that a serious bug but others disagree. I therefore always remove nscd whenever I encounter it. > Any suggestions where to look next? Check /var/log/auth.log for any message there? Check 'sudo -l' to list the user's sudo status dump? Sorry, no answers, just hopeful brainstorming. Bob
Attachment:
signature.asc
Description: Digital signature