ons, 2002-09-18 kl. 16:25 skrev Moody Adam: > I have pam_ldap and nss_ldap on a test Mandrake box. Authentication is > working without issue back to an Openldap server. Mine's Red Hat 7.2+++, Openldap 2.1.4, Berkeley 4.0.14 and PADL pam_ldap-148 and nss_ldap-197. > User lookups are working fine. > However group lookup fails: "getent group" returns nothing, Same here, but I can live without it. 'id username' should return the group number for you. > and 'ls' lists > group numbers instead of names. You probably have ACL problems, mine works o.k. > "getent shadow" and "passwd" return expected values. Same here. > This is probably a simple problem but after a day of looking I can't see > anything. Any help would be appreciated! Look to your ACLs, as far as 'ls -l' returning group names is concerned. If I try hard enough with my ACL attributes, I can make it so that neither UID/user name nor GID/grout name works properly any more. 'getent group' has never worked for me, but I don't miss it; everything else works. Best, Tony --- > My config: > nsswitch.conf: > group: ldap nisplus nis > pam_ldap.conf: > nss_base_group ou=Group,dc=somedomain,dc=com?one > nss_ldap version: 189-2 > pam_ldap version: 148-1 > Openldap version: 2.0.21-1 > > > > Cheers > Adam > > > > ************************************************************************ > The contents of this message and any attachments are confidential and > are intended solely for the attention and use of the addressee only. > Information contained in this message may be subject to legal, > professional or other privilege or may otherwise be protected by other > legal rules. This message should not be copied or forwarded to any other > person without the express permission of the sender. If you are not the > intended recipient you are not authorised to disclose, copy, distribute > or retain this message or any part of it. > > If you have received this message in error, please notify the sender by > telephone (+44-20-7002-4000) and destroy the original message. > > We reserve the right to monitor all e-mail messages passing through our > network. > ************************************************************************ -- Tony Earnshaw Tha can allway tell a Yorkshireman, but tha canna tell 'im much. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl gpg public key: http://www.billy.demon.nl/tonni.armor Telefoon: (+31) (0)172 530428 Mobiel: (+31) (0)6 51153356 GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981 3BE7B981
Attachment:
signature.asc
Description: Dette er en digitalt signert meldingsdel