lists.arthurdejong.org
RSS feed

Re: Local users

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Local users

Hello,

thank you for the information.

My pam configuration is like :
account     sufficient    pam_succeed_if.so uid < 1000 quiet

user from ldap are using ids > 1000

But Debian uses : UIDs 1000-29999 are normal user accounts.


So I have to find out how to split user localclly created et users
from the ldap.

Hugo

On 6 May 2012 21:12, Arthur de Jong <arthur@arthurdejong.org> wrote:
> On Sun, 2012-05-06 at 20:49 +0200, Hugo Deprez wrote:
>> I  use nslcd without any issues except the fact that when a local user
>> connect to the system I get the following :
>>
>> nslcd[6216]: [b6c6bc] "supervision": user not found
>>
>> I was wondering if this is a configuration issue, or just the fact
>> that the user is not present in the ldap ?
>
> This message happens because the PAM modules asks nslcd to try to
> authenticate as the user. The message can be ignored in general.
>
> A way to avoid this is to pass the minimum_uid to the pam module but
> this is only possible of your LDAP users have a uid higher than local
> users. This works well if normal user accounts are generally from LDAP
> and system accounts are from flat files. System accounts (uid < 1000)
> are then not passed off to nslcd which cuts back on the noise.
>
> Btw, it is recommended to not serve system accounts from LDAP because of
> issues during boot or if the LDAP server is unavailable.
>
> --
> -- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
>
> --
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/