Re: Local users
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Local users
- From: Hugo Deprez <hugo.deprez [at] gmail.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: Local users
- Date: Sun, 6 May 2012 22:54:11 +0200
Hello,
thank you for the information.
My pam configuration is like :
account sufficient pam_succeed_if.so uid < 1000 quiet
user from ldap are using ids > 1000
But Debian uses : UIDs 1000-29999 are normal user accounts.
So I have to find out how to split user localclly created et users
from the ldap.
Hugo
On 6 May 2012 21:12, Arthur de Jong <arthur@arthurdejong.org> wrote:
> On Sun, 2012-05-06 at 20:49 +0200, Hugo Deprez wrote:
>> I use nslcd without any issues except the fact that when a local user
>> connect to the system I get the following :
>>
>> nslcd[6216]: [b6c6bc] "supervision": user not found
>>
>> I was wondering if this is a configuration issue, or just the fact
>> that the user is not present in the ldap ?
>
> This message happens because the PAM modules asks nslcd to try to
> authenticate as the user. The message can be ignored in general.
>
> A way to avoid this is to pass the minimum_uid to the pam module but
> this is only possible of your LDAP users have a uid higher than local
> users. This works well if normal user accounts are generally from LDAP
> and system accounts are from flat files. System accounts (uid < 1000)
> are then not passed off to nslcd which cuts back on the noise.
>
> Btw, it is recommended to not serve system accounts from LDAP because of
> issues during boot or if the LDAP server is unavailable.
>
> --
> -- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
>
> --
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/