hardy as a nfs / krb5/ldap client
FM
dist-list at LEXUM.UMontreal.CA
Tue Apr 15 13:59:36 UTC 2008
Hello,
We are looking at hardy as a Redhat enterprise alternative for desktop.
But we have very strange problem with ldap/krb5 (OpenLDAP and
MIT-Kerberos) user with nfs home.
Everything is fine with local user. So I suppose that my settings are
the problem :).
Problems like :
- it takes several minutes to open the gnome-appearance-properties. (I
do not have gtk-qt-engine installed).
- switching keyboard with alt+alt does not work.
- NFS server (Redhat) complains about a .hidden file not found on the
nfs home folder, ...
- ...
As I say, these strange behaviors are only seen with our ldap/krb5 user.
I have not problem using kinit and authenticating with openldap
My network user is a member of the same group as the local user + other
groups :
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),106(fuse),108(lpadmin),114(admin),529(canlii),1012(admins),1707(canlii-web)
the nsswitch.conf :
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: files ldap
and the common-* files (same config used on our Redhat workstation):
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account required pam_permit.so
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_krb5.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
Any advices / idea ?
Tx !
More information about the ubuntu-users
mailing list