LDAP users and local groups
Nick Fenger
nick at trilliumcharterschool.org
Wed Dec 17 17:27:05 GMT 2008
Nicolas,
I just spent a week troubleshooting this very issue on an 8.10 system and
got pam to assign local groups to LDAP uesrs. This method does not require
groups on the LDAP server.
The trick was in */etc/pam.d/common-auth* you need:
auth required pam_group.so use_first_pass
to be listed before:
auth required pam_ldap.so use_first_pass
and this line:
*; *; *; Al0000-2400;audio,cdrom,floppy,plugdev,video,fuse,scanner,dip
must be added to:
/etc/security/group.conf
I've updated the documentation here:
https://help.ubuntu.com/community/LDAPClientAuthentication
See the Notes for "7.10 and laters" for the specific installation
instructions that worked for me (I used auth-client-config).
Nick Fengger
Trillium Charter School
Math & Technology Educator
Information Analyst
Database Programmer
Technology Coordinator
http://www.trilliumcharterschool.org
On Wed, Nov 26, 2008 at 11:33 AM, Nicolas Roussi <nroussi at gmail.com> wrote:
> First thanks to all that replied and helped for this issue. I have resolved
> the issue that I was having where the LDAP users were not part of local
> groups. If you are using smbldap-installer then the solution is the
> following:
> Add a group on the LDAP server with the same groupID as the local group
> sudo smbldap-groupadd -a -g 107 -o fuse
> Then add the users to this group
> sudo smbldap-groupmod -m "user1,user2,..." fuse
>
> This did the trick.
> Thanks again
> --
> Nicolas Roussi
>
> --
> edubuntu-users mailing list
> edubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/edubuntu-users/attachments/20081217/2c42c773/attachment.htm
More information about the edubuntu-users
mailing list