Nicolas,<br><br>I just spent a week troubleshooting this very issue on an 8.10 system and got pam to assign local groups to LDAP uesrs. This method does not require groups on the LDAP server.<br><br><p class="line862">The trick was in <strong>/etc/pam.d/common-auth</strong> you need:<span class="anchor" id="line-83"></span><span class="anchor" id="line-84"></span></p>
<p class="line867"><span class="anchor" id="line-85"></span><span class="anchor" id="line-86"></span><span class="anchor" id="line-87"></span><span class="anchor" id="line-88"></span></p><pre>auth required pam_group.so use_first_pass <br>
</pre>to be listed before:<br><pre>auth required pam_ldap.so use_first_pass <br></pre><br>and this line:<br><br><tt>*; *; *; Al0000-2400;audio,cdrom,floppy,plugdev,video,fuse,scanner,dip<br><br></tt>must be added to:<br>
<br><tt>/etc/security/group.conf</tt><br><br>I've updated the documentation here: <a href="https://help.ubuntu.com/community/LDAPClientAuthentication">https://help.ubuntu.com/community/LDAPClientAuthentication</a><br>
<br>See the Notes for "7.10 and laters" for the specific installation instructions that worked for me (I used auth-client-config).<br><br>Nick Fengger<br><br>Trillium Charter School<br>Math & Technology Educator<br>
Information Analyst<br>Database Programmer<br>Technology Coordinator<br><br><a href="http://www.trilliumcharterschool.org">http://www.trilliumcharterschool.org</a><br><br><br>
<br><br><div class="gmail_quote">On Wed, Nov 26, 2008 at 11:33 AM, Nicolas Roussi <span dir="ltr"><<a href="mailto:nroussi@gmail.com">nroussi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
First thanks to all that replied and helped for this issue. I have resolved the issue that I was having where the LDAP users were not part of local groups. If you are using smbldap-installer then the solution is the following:<br>
Add a group on the LDAP server with the same groupID as the local group<br>sudo smbldap-groupadd -a -g 107 -o fuse<br clear="all">Then add the users to this group<br>sudo smbldap-groupmod -m "user1,user2,..." fuse<br>
<br>This did the trick. <br>Thanks again<br>-- <br><font color="#888888">Nicolas Roussi<br>
</font><br>--<br>
edubuntu-users mailing list<br>
<a href="mailto:edubuntu-users@lists.ubuntu.com">edubuntu-users@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/edubuntu-users" target="_blank">https://lists.ubuntu.com/mailman/listinfo/edubuntu-users</a><br>
<br></blockquote></div><br>