hardy as a nfs / krb5/ldap client

FM dist-list at LEXUM.UMontreal.CA
Tue Apr 15 13:59:36 UTC 2008 

Hello,

We are looking at hardy as a Redhat enterprise alternative for desktop.
But we have very strange problem with ldap/krb5 (OpenLDAP and 
MIT-Kerberos) user with nfs home.
Everything is fine with local user. So I suppose that my settings are 
the problem :).
Problems like :
- it takes several minutes to open the gnome-appearance-properties. (I 
do not have gtk-qt-engine installed).
- switching keyboard with alt+alt does not work.
- NFS server (Redhat) complains about a .hidden file not found on the 
nfs home folder, ...
- ...

As I say, these strange behaviors are only seen with our ldap/krb5 user.
I have not problem using kinit and authenticating with openldap




My network user is a member of the same group as the local user  + other 
groups :
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),106(fuse),108(lpadmin),114(admin),529(canlii),1012(admins),1707(canlii-web)

the nsswitch.conf :
passwd:         files ldap
shadow:         files ldap
group:          files ldap
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       files ldap

and the common-* files (same config used on our Redhat workstation):
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     required      pam_permit.so

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
use_authtok
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in 
crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so




Any advices / idea ?

Tx !

More information about the ubuntu-users mailing list