Kevin-

Cool! I'm glad to hear that you got it. What all, besides the kerb flags, was wrong? Why were you having to log in twice?

I just pam/nss'd a system against M$'s active directory using SFU3.5. Seems to be working just fine, believe it or not, using the map commands. If you're interested, I'll send you the setup.

Tobias

Kevin Williams wrote:
| AH! I finally figured it out (Learned all about strace in the process:) )
|
| As an FYI--if anyone out there is installing/using gentoo, and is
| thinking about kerberos, make sure you don't use both krb4 and kerberos
| (different distributors) in your use flags. The system gets confused as
| to which to use!
|
| Kevin
|
| On Sun, 2004-07-25 at 23:23, Kevin Williams wrote:
|
|>All,
|>
|>I'm hoping someone can point me in the right direction for solving this
|>issue. I'm trying to set up my NSS to use ldap via PAM (nss_ldap). From
|>all the docs, this should be a piece of cake. Not for me though! I'm
|>running on Gentoo Linux with OpenLdap 2.1.26
|>
|>From what I've read, I have to configure the following files:
|>1. /etc/ldap.conf
|>2. /etc/nsswitch.conf
|>3. /etc/pam.d/system-auth
|>
|>Here's what I put in each file:
|>ldap.conf:
|>
|>host 127.0.0.1
|>base dc=tarity,dc=com
|>binddn cn=Manager,dc=tarity,dc=com
|>bindpw PASSWORD
|>pam_password exop
|>scope sub
|>nss_base_passwd ou=People,dc=tarity,dc=com
|>nss_base_shadow ou=People,dc=tarity,dc=com
|>nss_base_group ou=Group,dc=tarity,dc=com
|>
|>nsswitch.conf:
|>(modified these three lines)
|>passwd: files ldap
|>shadow: files ldap
|>group: files ldap
|>...
|>
|>etc/pam.d/system-auth (added the following lines)
|>auth sufficient /lib/security/pam_ldap.so
|>account sufficient /lib/security/pam_ldap.so
|>password sufficient /ib/security/pam_ldap.so use_first_pass use_authtok
|>session sufficient /lib/security/pam_ldap.so
|>
|>I've populated the LDAP database to be used as a windows domain controller,
|>so I should have Domain and Administrator entries in the LDAP Database and
|>NOT in the group or passwd files. Testing the system, I SHOULD get results
|>returned when I use this command:
|>getent group | grep Domain
|>getent passwd | grep Administrator
|>
|>I'm pretty sure it's a config issue since I don't have anything showing up
|>in my ldap log file. I don't have any log messages of the command at all
|>(which is why I'm now stumped)! Does anyone see a configuration error that
|>I might have, or have any advice for troubleshooting this issue?
|>
|>On a side note...I now get 2 password fields whenever I su.
|>$su
|>Password:
|>Password:
|>
|>Would this be trying to authenticate via ldap, and then unix? I'm guessing
|>this is due to a configuration change. When I make these changes, do I need
|>to restart a daemon?
|>
|>Thanks!
|>
|>Kevin Williams
|>
|>
|>_______________________________________________
|>PDXLUG mailing list
|>[EMAIL PROTECTED]
|>http://pdxlug.org/mailman/listinfo/pdxlug
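
A quick lint for the three points this thread turned on (nsswitch.conf sources, PAM module paths, and the krb4/kerberos USE flag pair), as an added example that is not part of the original messages. The function names, the default module directory `/lib/security` and the sample files are assumptions, constructed from the values quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed from the
# values quoted in the messages above.

# Print each of passwd/shadow/group whose nsswitch.conf entry lacks "ldap".
nss_missing_ldap() {
    for db in passwd shadow group; do
        awk -v db="$db" '
            $1 == db ":" { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
            END { if (!ok) print db }' "$1"
    done
}

# Print "line: path" for PAM modules given as absolute paths outside the
# expected module directory (assumed default: /lib/security, as in the thread).
pam_bad_paths() {
    awk -v dir="${2:-/lib/security}" '
        /^[ \t]*#/ { next }
        { for (i = 3; i <= NF; i++) if ($i ~ /\.so$/) {
              if ($i ~ /^\// && index($i, dir "/") != 1) print FNR ": " $i
              break } }' "$1"
}

# Exit 0 when a USE flag list enables both krb4 and kerberos.
use_krb_conflict() {
    flags=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') "
    case "$flags" in *" krb4 "*) ;; *) return 1 ;; esac
    case "$flags" in *" kerberos "*) return 0 ;; esac
    return 1
}

# Constructed sample files (shadow deliberately left without ldap).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'passwd: files ldap' 'shadow: files' 'group: files ldap' \
    > "$tmp/nsswitch.conf"
printf '%s\n' \
    'auth     sufficient /lib/security/pam_ldap.so' \
    'password sufficient /ib/security/pam_ldap.so use_first_pass use_authtok' \
    > "$tmp/system-auth"

echo "nsswitch databases without ldap: $(nss_missing_ldap "$tmp/nsswitch.conf")"
echo "PAM module paths to check: $(pam_bad_paths "$tmp/system-auth")"
use_krb_conflict "ldap pam krb4 kerberos" && echo "USE: krb4 and kerberos both set"
```

Point the functions at the real `/etc/nsswitch.conf` and `/etc/pam.d/system-auth`, and pass the USE line from the system's make.conf to `use_krb_conflict`.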