lists.arthurdejong.org

Re: [nssldap] wireshark shows successful ldap searches, but no nss or pam stuff works

Thanks for the responses!

See, I saw a post somewhere else suggesting there might be a problem with not
having uid and gid. But I thought this was a common thing and there must be
a way. I definitely don't have uid in AD. If I can get my AD admins to work
with me, can I just add random uids (>1000)? I don't really understand why
they have to be there for this to work, so I can't figure out if there's a
reasonable workaround.

I have users both local and remote because remote doesn't work! But I think
this is the normal way, right? Because root's always going to be local? And
at any rate it shouldn't cause any problems.


Guillaume Rousse wrote:
> 
> philoertel wrote:
>> I'm at wit's end. I'm trying to set up pam on my Debian 4.1.2 box to
>> authenticate people against our AD server. But I've broken everything. I can
>> ssh and su as root. ssh as my regular user (who's both in ldap and
>> /etc/passwd) just hangs. ssh or su as any user in ldap but not in
>> /etc/passwd errors: "unknown id: test". getent passwd shows only users in
>> /etc/passwd. id root works, id poertel (me) hangs, and id <ldap-user> fails
>> with id: <ldap-user>: No such user. libnss-ldap is installed, and strace
>> shows su is checking nss, or at least it's opening the config files.
> Not really what you expect, but:
> - why do you have users both in local (/etc/passwd) and remote (ldap)
> databases?
> - are you sure AD has enough information to be used as a Unix account
> database? More specifically, I don't think there is anything as gid and
> uid there...
> 
> -- 
> BOFH excuse #92:
> 
> Stale file handle (next time use Tupperware(tm)!)