Re: Upgrade from 0.7 to 0.8 having auth problems
- From: Andy Colson <andy [at] squeakycode.net>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Upgrade from 0.7 to 0.8 having auth problems
- Date: Fri, 23 Nov 2012 21:36:37 -0600
On 11/22/2012 4:19 PM, Arthur de Jong wrote:
> On Wed, 2012-11-21 at 16:28 -0600, Andy Colson wrote:
>> I used this to build all the different packages to install:
>> http://slackbuilds.org/repository/14.0/system/nss-pam-ldapd/
>
> I got it working without too many issues. This is what I did:
>
> <SNIP>
> add ldap to the end of every service in /etc/nsswitch.conf (but only
> passwd and group should be required)
> add the following line to /etc/nsswitch.conf:
> shadow: files ldap
> <SNIP>
>
> after starting nslcd we do some tests:
>
> # getent passwd ecolden
> ecolden:x:5972:1000:Estelle Colden:/home/ecolden:/bin/bash
> # getent shadow ecolden
> ecolden:kvho1EyqGnBdE:12302:::7:2::0
>
> It is important to note that the passwd entry has an x in the password
> field and the shadow entry has a hash that is not prefixed with {SMD5}
> or similar. The passwd x indicates that the password is in the shadow
> database and the hash needs to be in one of the supported formats (at
> least that is the case for pam_unix). For this test I changed the
> hashing in the LDAP server for this test user to an old crypt hash.
>
> So all in all I got everything working quite easily but I couldn't
> reproduce the issue :(

Ah! I do not have a shadow entry in my /etc/nsswitch.conf file.
Without it I get:

root@mapper:~# getent passwd andyc
andyc:*:1000:100:Andy Colson:/home/andy:/bin/bash
root@mapper:~# getent shadow andyc
andyc:KrRHogoozVZWA:::::::0

Note the *. After I add the shadow line, I get the x:

root@mapper:~# getent passwd andyc
andyc:x:1000:100:Andy Colson:/home/andy:/bin/bash
root@mapper:~# getent shadow andyc
andyc:KrRHogoozVZWA:::::::0

And I can login to it as well. I'd say that shadow line is required.

Thank you very much for going through that much work. Is there any way
I can repay the favor?

-Andy
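
The three conditions compared in this thread (a shadow line listing ldap in nsswitch.conf, an x in the passwd password field, and a shadow hash without a {SCHEME} prefix), as an added example that is not part of the original messages or of nss-pam-ldapd. The function names and the account "alice" are hypothetical, and all input is constructed; on a live host the three arguments would come from /etc/nsswitch.conf, getent passwd and getent shadow.

```shell
#!/bin/sh
# Added example; sample data is constructed and nothing contacts nslcd or LDAP.

# nss_db_has_source CONF_TEXT DB SOURCE
# Succeeds if the "DB:" line in nsswitch.conf text lists SOURCE.
nss_db_has_source() {
    printf '%s\n' "$1" | awk -v db="$2" -v src="$3" '
        { sub(/#.*/, "") }                          # ignore comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit found ? 0 : 1 }'
}

# passwd_field LINE: print the password field of a getent passwd/shadow line.
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f2
}

# shadow_hash_state SHADOW_LINE: classify the hash field.
# "scheme-prefixed" means an LDAP-style {SCHEME} prefix such as {SMD5}.
shadow_hash_state() {
    case $(passwd_field "$1") in
        '')        echo empty ;;
        '{'*'}'*)  echo scheme-prefixed ;;
        *)         echo unprefixed ;;
    esac
}

# check_account CONF_TEXT PASSWD_LINE SHADOW_LINE
# Prints one finding per problem; returns 0 only when nothing is flagged.
check_account() {
    rc=0
    nss_db_has_source "$1" shadow ldap ||
        { echo "nsswitch.conf: shadow does not list ldap"; rc=1; }
    [ "$(passwd_field "$2")" = x ] ||
        { echo "passwd: password field is '$(passwd_field "$2")', not x"; rc=1; }
    [ "$(shadow_hash_state "$3")" = unprefixed ] ||
        { echo "shadow: hash field is $(shadow_hash_state "$3")"; rc=1; }
    return "$rc"
}

# Constructed input modelled on the before/after states in the thread.
CONF_BEFORE='passwd: files ldap
group:  files ldap'
CONF_AFTER="$CONF_BEFORE
shadow: files ldap"
SHADOW_LINE='alice:abCONSTRUCTEDxy:::::::0'

check_account "$CONF_BEFORE" 'alice:*:1000:100:Alice:/home/alice:/bin/sh' "$SHADOW_LINE" || true
check_account "$CONF_AFTER" 'alice:x:1000:100:Alice:/home/alice:/bin/sh' "$SHADOW_LINE" && echo "all checks passed"
```

The "unprefixed" result only says the field lacks a {SCHEME} prefix; it does not confirm that pam_unix supports the hash format.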