I sent y the nsswitch.conf,
thks for your help, i'm searching on google but i don't understand ...
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# ldap Use LDAP (only if nss_ldap is installed)
# nisplus or nis+ Use NIS+ (NIS version 3), unsupported
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files ldap nis
#shadow: db files ldap nis
#group: db files ldap nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files ldap nis dns
hosts: files dns
# Example - obey only what ldap tells us...
#services: ldap [NOTFOUND=return] files
#networks: ldap [NOTFOUND=return] files
#protocols: ldap [NOTFOUND=return] files
#rpc: ldap [NOTFOUND=return] files
#ethers: ldap [NOTFOUND=return] files
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
thks,
Alain
Tony Earnshaw wrote:
asiani@free.fr skrev, on 04-02-2008 14:06:
I'm looking for a documentation of "howto configure getent with ldap",
can you help me, i have problem with this fonction on centos 4.4
i can't get entries from ldap but i try to configure :
/etc/pam.d/system-auth
/etc/ldap.conf
You're mixing up nss_ldap and pam_ldap. The above files have mostly
to do with pam_ldap, you should be looking at /etc/nsswitch.conf.
I'll grant you the Red Hat derived pam_ and nss_ldap libraries are
very much mixed together in how far the nss library uses
/etc/ldap.conf (far more than in the original Padl versions) but if
getent with ldap doesn't work for you, it's far more likely that the
fault is in nsswitch.conf than in ldap.conf. Exceptions are lines
beginning with "nss_".
slapcat is ok
i do :
smbpasswd -w mypassword
i put my conf at the bottom of this email,
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# Modif by AS
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth
nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid <
100
quiet
account required /lib/security/$ISA/pam_permit.so
account sufficient /lib/security/$ISA/pam_ldap.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
This is pure pam, has nothing to do with nss_ldap.
/etc/ldap.conf
host 127.0.0.1
Ok.
#host 10.0.0.245
base dc=myDomain,dc=com
rootbinddn cn=Manager,dc=myDomain,dc=com
Ok.
timelimit 120
bind_timelimit 120
idle_timelimit 3600
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
None of the above has anything to do with nss.
Best,
--Tonni