[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Group lookups failing



ons, 2002-09-18 kl. 16:25 skrev Moody Adam:

> I have pam_ldap and nss_ldap on a test Mandrake box. Authentication is
> working without issue back to an Openldap server. 

Mine's Red Hat 7.2+++, Openldap 2.1.4, Berkeley 4.0.14 and PADL
pam_ldap-148 and nss_ldap-197.

> User lookups are working fine.
> However group lookup fails: "getent group" returns nothing,

Same here, but I can live without it. 'id username' should return the
group number for you.

> and 'ls' lists
> group numbers instead of names.

You probably have ACL problems, mine works o.k.

> "getent shadow" and "passwd" return expected values.

Same here.

> This is probably a simple problem but after a day of looking I can't see
> anything. Any help would be appreciated!

Look to your ACLs, as far as 'ls -l' returning group names is concerned.
If I try hard enough with my ACL attributes, I can make it so that
neither UID/user name  nor GID/grout name works properly any more.
'getent group' has never worked for me, but I don't miss it; everything
else works.

Best,

Tony

---

> My config:

> nsswitch.conf:
> group:      ldap nisplus nis

> pam_ldap.conf:
> nss_base_group          ou=Group,dc=somedomain,dc=com?one

> nss_ldap version: 189-2
> pam_ldap version: 148-1
> Openldap version:  2.0.21-1
> 
> 
> 
> Cheers
> Adam
> 
> 
> 
> ************************************************************************
> The contents of this message and any attachments are confidential and
> are intended solely for the attention and use of the addressee only.
> Information contained in this message may be subject to legal, 
> professional or other privilege or may otherwise be protected by other
> legal rules. This message should not be copied or forwarded to any other
> person without the express permission of the sender. If you are not the
> intended recipient you are not authorised to disclose, copy, distribute
> or retain this message or any part of it.
> 
> If you have received this message in error, please notify the sender by
> telephone (+44-20-7002-4000) and destroy the original message.
> 
> We reserve the right to monitor all e-mail messages passing through our
> network.
> ************************************************************************
-- 

Tony Earnshaw

Tha can allway tell a Yorkshireman, but tha canna tell 'im much.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981


Attachment: signature.asc
Description: Dette er en digitalt signert meldingsdel