Re: nss_ldap error
Thanks Tony. The main reason I wanted to avoid pam is b/c pam does not
seem to support SASL from what I have read and I need the pam libraries
to force a SASL auth request since my ldap server passes authentication
to a radius server. Putting radius credentials on each ssh client is
not feasible which is why I want to go the ldap route.
Any workarounds for that do you see?
Thanks again
adam
On Sat, 2003-12-06 at 18:16, Tony Earnshaw wrote:
> Fri, 05.12.2003 at 21.03, Adam Denenberg wrote:
>
> > redhat 8 is my OS.
> >
> > nsswitch.conf:
> > passwd: files ldap
> > shadow: files ldap
> > group: files ldap
> >
> >
> > Here is some output, maybe you can shed some light. I do have openssh
> > built with pam, but I am not using pam since I was hoping to just use
> > nss libs and have the builtin nss libs query ldap using SASL which would
> > in turn query RADIUS for authentication. Am I missing something?
>
> You are missing something ;) The fact that you can't ssh in has
> *nothing* to do with nss, *everything* to do with pam.
>
> Though you might want to dreadfully, you cannot ignore pam - it's used
> for everything to do with the Unix (yes, I know you're using Linux) side
> of things (like login, passwd, ssh, su, gdm etc). nss is for the
> Openldap-client side of things.
>
> Also, the indexing of your db seems to be utterly missing.
>
> So, read up all you can on pam and how to index your db.
>
> --Tonni