> On 18 Jul 2019, at 21:51, Abhisheyk Deb wrote:
>
> Hi,
>
> This is our current /etc/nsswitch file
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> #initgroups: files
>
> #hosts: db files nisplus nis dns
> hosts: files dns myhostname
>
> # Example - obey
Hi,
This is our current /etc/nsswitch file
passwd: files ldap
shadow: files ldap
group: files ldap
#initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns myhostname
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#netw
> On 18 Jul 2019, at 02:56, Abhisheyk Deb wrote:
>
> Hi,
>
> We have an LDAP group called ldapadmin defined on our LDAP servers running 389
> Directory Server.
>
> On the LDAP client side, we have the following line added in /etc/sudoers:
> %ldapadmin ALL=(ALL:ALL) ALL
>
> We are able to log
Hi Paul,
Thank you for your reply. Apparently the LDAP client was configured using
nslcd. We have a similar configuration file called /etc/nslcd.conf and a
parameter called nss_initgroups_ignoreusers which I have set to ALLLOCAL.
This can be useful in case of unavailability of the LDAP server, whi
The one thing I would look at is your /etc/sssd/sssd.conf file. Assuming you
are configured for LDAP, you could exclude the local admin account in the
[nss] section with the "filter_users" setting.
Example:
[nss]
filter_users = root,nagios,local_admin_acct
That should get SSSD to not look