Thanks - I plan to look into SSSD, but was trying to work my way from "known" towards "unknown" :)
However, your reply hit one thing I forgot - I had not yet restarted nscd... that fixed the issue I was seeing and things appear to be working as expected now.

Kevin

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Prentice Bisbal
Sent: Thursday, December 02, 2010 9:45 AM
To: [email protected]
Subject: Re: [rhelv6-list] Problem with ldap

Collins, Kevin [BEELINE] wrote:
> I have been using pam/nss_ldap with RHEL3 thru RHEL5. I am starting to
> test on RHEL6 and have run into a problem.
>
> I figured out that I need pam_ldap and nss-pam-ldapd, but I am having
> some troubles getting things to work correctly. I think I have the
> /etc/pam_ldap.conf and /etc/nslcd.conf files correct, but I am seeing
> some strange behavior.
>
> As an example, I have an “oracle” ID in LDAP:
>
> # grep oracle /etc/passwd
>
> # getent passwd | grep ^oracle:
> oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
>
> # getent passwd oracle
>
> # ldapsearch -LLL -x "(uid=oracle)"
> dn: uid=oracle,ou=People,dc=afis,dc=sr
> uid: oracle
> cn: Oracle Owner
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> userPassword:: e2NyeXB0fU5vX0xvZ2luKioqKio=
> loginShell: /usr/bin/sh
> uidNumber: 200
> gidNumber: 200
> homeDirectory: /oracle
> gecos: Oracle Owner
>
> I can’t figure out why getent (or id, or groups, etc) can’t resolve
> specific IDs from LDAP, but I can obviously read the data...
>
> Any ideas?
>

Kevin,

I was configuring PAM/LDAP/NSS on RHEL6 for the first time yesterday myself. After getting nscd and nslcd configured correctly, I was able to make this work, but then I switched to using sssd for my name services/PAM. SSSD appears to be the RH "blessed" method for handling this sort of stuff, and if you ever use authconfig, it will configure sssd to perform these functions. You should look into switching to sssd, to avoid RH utils from "fixing" things for you in the future.

Have you tried using strace on getent to see what functions are being called and what errors are being reported?

I would also turn on logging on your ldap server and do a tail -f while running getent to see if the search being performed by 'getent passwd oracle' is being transformed into something other than what your server needs to get a result.

--
Prentice

_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
