Re: Re: problems with nslcd
- From: Patrick Hornecker <phornecker [at] googlemail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Re: problems with nslcd
- Date: Tue, 25 Jan 2011 16:44:19 -0800
Hi Ryan,
thanks for your response. I'll try to give you a better description of my problems.
To expire accounts we're using the ldap "shadowExpire" value. We're using one central OpenLDAP server, to which the clients are connecting on login. The clients are running either Ubuntu 8.04 or 10.04. Installed packages on the clients are autofs-ldap, ldap-utils, libnss-ldap, nfs-common, nss-updatedb and nscd. All packages have been installed from the ubuntu package repositories.
Due to some problems with switching to the superuser (simply using the 'su'-command, typing the password and then becoming root wasn't working on some computers anymore) I found a fix which said I should also install the nslcd package from the ubuntu repository, which fixed the su issue.
Since then the problem with the expired accounts occurred.
/var/log/auth.log:
server1 su[20732]: Successful su for AAA by BBB
server1 su[20732]: + /dev/pts/2 BBB:AAA
server1 su[20732]: pam_unix(su:session): session opened for user AAA by BBBB(uid=1234)
--------------------------------------------------------------------------------------------------------------------------------------
/etc/ldap/ldap.conf:
URI ldaps://ldap.server.name.com
TLS_CACERT /etc/ssl/certs/ldap.pem
TLS_REQCERT never
--------------------------------------------------------------------------------------------------------------------------------------
/etc/nslcd.conf
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldaps://fantasio.informatik.uni-freiburg.de
# The search base that will be used for all queries.
base dc=search,dc=base,dc=com #replaced the original base
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
# SSL options
#ssl off
tls_reqcert never
If you are missing any information, don't hesitate to write me an email.
Regards
Patrick
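
An added example, not part of Patrick's message or of the nss-pam-ldapd project: a Python check that scans su lines in the auth.log format quoted above and flags successful switches to accounts whose shadowExpire has passed. The shadowExpire values, the CCC account, the evaluation date and the expiry rule (expired once the day number reaches shadowExpire, negative or missing meaning no expiry) are assumptions.

```python
import re
from datetime import date

# Matches the "Successful su for AAA by BBB" lines as quoted from /var/log/auth.log.
SU_OK = re.compile(r"su\[(\d+)\]: Successful su for (\S+) by (\S+)")

def days_since_epoch(day):
    """shadowExpire is counted in days since 1970-01-01."""
    return (day - date(1970, 1, 1)).days

def is_expired(shadow_expire, today):
    """Assumed rule: expired once today's day number reaches shadowExpire;
    a missing or negative value means the account never expires."""
    if shadow_expire is None or shadow_expire < 0:
        return False
    return days_since_epoch(today) >= shadow_expire

def expired_su_sessions(log_lines, shadow_expire_by_user, today):
    """Return (pid, target, caller) for each successful su to an expired account."""
    hits = []
    for line in log_lines:
        match = SU_OK.search(line)
        if not match:
            continue  # session-open and tty lines carry no new information
        pid, target, caller = match.groups()
        if is_expired(shadow_expire_by_user.get(target), today):
            hits.append((int(pid), target, caller))
    return hits

# Log lines in the format shown in the message; the CCC line is constructed.
SAMPLE_LOG = [
    "server1 su[20732]: Successful su for AAA by BBB",
    "server1 su[20732]: + /dev/pts/2 BBB:AAA",
    "server1 su[20732]: pam_unix(su:session): session opened for user AAA by BBBB(uid=1234)",
    "server1 su[20801]: Successful su for CCC by BBB",
]
# Constructed directory data: AAA expired on 2011-01-01 (day 14975), CCC never expires.
SAMPLE_EXPIRE = {"AAA": 14975, "CCC": -1}
TODAY = date(2011, 1, 25)  # constructed evaluation date

if __name__ == "__main__":
    for pid, target, caller in expired_su_sessions(SAMPLE_LOG, SAMPLE_EXPIRE, TODAY):
        print(f"su[{pid}]: {caller} switched to expired account {target}")
```

In practice the shadowExpire map would be filled from the directory, and the evaluation date taken from each log line's timestamp.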