Re: [nssldap] wireshark shows successful ldap searches, but no nss or pam stuff works
- From: philoertel <phillipao [at] gmail.com>
- To: nssldap [at] padl.com
- Subject: Re: [nssldap] wireshark shows successful ldap searches, but no nss or pam stuff works
- Date: Fri, 17 Jul 2009 08:24:27 -0700 (PDT)
Thanks for the responses!
See, I saw a post somewhere else suggesting there might be a problem with not
having uid and gid. But I thought this was a common thing and there must be
a way. I definitely don't have uid in AD. If I can get my AD admins to work
with me, can I just add random uids (>1000)? I don't really understand why
they have to be there for this to work, so I can't figure out if there's a
reasonable workaround.
I have users both local and remote because remote doesn't work! But I think
this is the normal way, right? Because root's always going to be local? And
at any rate it shouldn't cause any problems.
Guillaume Rousse wrote:
>
> philoertel wrote:
>> I'm at wit's end. I'm trying to set up pam on my Debian 4.1.2 box to
>> authenticate people against our AD server. But I've broken everything. I can
>> ssh and su as root. ssh as my regular user (who's both in ldap and
>> /etc/passwd) just hangs. ssh or su as any user in ldap but not in
>> /etc/passwd errors: "unknown id: test". getent passwd shows only users in
>> /etc/passwd. id root works, id poertel (me) hangs, and id <ldap-user> fails
>> with id: <ldap-user>: No such user. libnss-ldap is installed, and strace
>> shows su is checking nss, or at least it's opening the config files.
> Not really what you expect, but:
> - why do you have users both in local (/etc/passwd) and remote (ldap)
> databases?
> - are you sure AD has enough information to be used as a Unix account
> database? More specifically, I don't think there is anything as gid and
> uid there...
>
> --
> BOFH excuse #92:
>
> Stale file handle (next time use Tupperware(tm)!)