LDAP client auth almost working, need help.
Jim Canfield
jcanfield at tshmail.com
Tue Oct 31 15:23:58 UTC 2006
Greetings,
I'm a former gentooer and this is my first post to the ubuntu list. So far, I'm very impressed with ubuntu! Great work, guys!
...Anyway, looks like the nss-ldap integration is not quite what it should be. I looked at the Doc for LDAP client auth (https://help.ubuntu.com/community/LDAPClientAuthentication) and it's not correct for edgy. Here's where I am.
Problem 1:
dpackage acts like it's configuring a libnss-ldap.conf (or some type of ldap.conf) but it never changes. I had to manually go in and change the ldap server settings. After that `getent` seemed to be fine.
Problem 2:
FOOBAR BOOT! For some ungodly reason udevd tries to connect to an ldap server before devices have been created. My hunch is that it is looking for a group name that doesn't exist locally and trying to use ldap to resolve it. I've seen a few posts on the debian list regarding this looking for the "nogroup" or "nobody"...however ubuntu has these groups. I'm confused.
Problem 3:
Can't authenticate via gdm. I can "su ldapuser" fine and even switch to a virtual console and login, but login through gdm fails miserably.
Any help would be greatly appreciated...
Jim
Configs:
common-account:
account sufficient pam_ldap.so
account required pam_unix.so
common-auth:
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
common-password:
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
common-session:
session optional pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
session optional pam_foreground.so
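
A check for the hunch in Problem 2, added here as an example and not part of the original post: it lists OWNER/GROUP names assigned in udev rules that are missing from the local passwd and group files, since those are the lookups NSS would pass on to LDAP during boot. The rule lines and file contents are constructed samples, and the /etc/udev/rules.d path used when run as a script is an assumption about the system layout.

```python
import glob
import re

# Constructed sample inputs (not taken from the original post).
SAMPLE_RULES = '''\
# constructed udev rules for illustration
KERNEL=="ttyS[0-9]*", GROUP="dialout", MODE="0660"
KERNEL=="nvram", GROUP="nvram", MODE="0660"
SUBSYSTEM=="sound", OWNER="root", GROUP="audio"
KERNEL=="fuse", GROUP="fuse"
'''
SAMPLE_GROUP = "root:x:0:\ndialout:x:20:\naudio:x:29:\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\n"

# OWNER/GROUP keys with their operator and quoted value.
ASSIGN = re.compile(r'\b(OWNER|GROUP)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def local_names(db_text):
    """First field of each non-comment line in passwd/group format."""
    return {line.split(":", 1)[0] for line in db_text.splitlines()
            if line and not line.startswith("#")}

def unresolved_names(rules_text, passwd_text, group_text):
    """Return sorted (key, name) pairs assigned by rules but absent locally."""
    users, groups = local_names(passwd_text), local_names(group_text)
    missing = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for key, op, name in ASSIGN.findall(line):
            if op in ("==", "!="):
                continue  # a match condition, not an assignment
            if name.isdigit() or "%" in name or "$" in name:
                continue  # numeric ids and substitutions need no name lookup
            known = users if key == "OWNER" else groups
            if name not in known:
                missing.add((key, name))
    return sorted(missing)

if __name__ == "__main__":
    # Read the flat files directly so the check itself never goes through NSS.
    rules = "\n".join(open(p).read() for p in sorted(glob.glob("/etc/udev/rules.d/*.rules")))
    for key, name in unresolved_names(rules, open("/etc/passwd").read(), open("/etc/group").read()):
        print(f"{key} {name!r} is not in the local files; the lookup would fall through to LDAP")
```

Any name it reports can be added to the local group or passwd file so the lookup is answered before the network is available.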