Re: Problem with getent passwd
- To: Lynn York <lynn.york@mavenwire.com>, openldap-technical@openldap.org
- Subject: Re: Problem with getent passwd
- From: Tyler Gates <tgates81@gmail.com>
- Date: Wed, 24 Mar 2010 21:31:25 -0400
Actually I misspoke earlier - I meant run the command 'setup' from the
terminal and select authentication. From there you should see "User
Information" and "Authentication" columns. Just check LDAP in "User
Information" and you should see getent populate the passwords.
That normally does the trick... pretty simple, but if that doesn't work
I'd check your /etc/ldap.conf is set up correctly (I mostly have to just
add the host information and base dn). Otherwise your LDAP server
doesn't have the attributes it's expecting from its queries to generate
user account information.
On 03/24/2010 08:09 AM, Lynn York wrote:
> Here is my /etc/pam.d/system-auth file
>
> cat /etc/pam.d/system-auth
>
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient pam_ldap.so use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 500 quiet
> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
> account required pam_permit.so
>
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password sufficient pam_ldap.so use_authtok
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
> session optional pam_ldap.so
>
> Also, when I ran authconfig, that didn’t help. The server still queries the
> ldap server, but the users don’t actually show when I run getent passwd…..
> could it be something with the rwm mappings?
>
>
>
> *From:* Tyler Gates [mailto:tgates81@gmail.com]
> *Sent:* Tuesday, March 23, 2010 8:26 PM
> *To:* Lynn York
> *Subject:* Re: Problem with getent passwd
>
>
>
> Sounds like it's a problem with your client side pam_ldap authentication.
> There's a whole bunch of steps to get that working, just google it. If you
> have a redhat variant authconfig or setup will step you through it. It would
> help if you could post your system_auth file.
>
> On Mar 23, 2010, at 11:40 AM, Lynn York <lynn.york@mavenwire.com> wrote:
>
> Hello,
>
>
>
> When I issue “getent passwd” I can see it query the ldap
> server for all the information and the server is returning the correct
> information. However, “getent passwd” doesn’t actually show the users that
> are in ldap. I am not sure where my problem might be. Can anyone offer any
> suggestions on where to look?
>
>
>
> Lynn York II
>
> MavenWire Hosting Admin
>
> www.mavenwire.com
>
> (866) 343-4870 x717
>
>
>
> MavenWire - We DELIVER
>
> http://www.mavenwire.com
>
>
>
> This e-mail and any attached files may contain confidential and/or
> privileged material for the sole use of the intended recipient. Any review,
> use, distribution or disclosure by others is strictly prohibited. If you are
> not the intended recipient (or authorized to receive this e-mail for the
> recipient), you may not review, copy or distribute this message. Please
> contact the sender by reply e-mail and delete all copies of this message.
>
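The three places the reply above points at (the LDAP "User Information" setting, the host and base in /etc/ldap.conf, and the attributes on the LDAP entries), checked from a shell. This is an added example, not part of the original message: the function names and sample files are hypothetical, and it assumes the "User Information" setting shows up as an `ldap` source on the `passwd:` line of nsswitch.conf (the file getent consults) and that passwd entries are built from the RFC 2307 posixAccount attributes.

```sh
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the thread.

# 1. Does the passwd database in nsswitch.conf list the ldap source?
nss_passwd_uses_ldap() {    # $1 = path to nsswitch.conf
    awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
         END { exit !found }' "$1"
}

# 2. Does ldap.conf name a server (host or uri) and a search base?
#    Prints each missing setting on its own line; commented-out lines do not count.
ldap_conf_missing() {       # $1 = path to ldap.conf
    awk 'tolower($1) == "host" || tolower($1) == "uri" { server = 1 }
         tolower($1) == "base" { base = 1 }
         END { if (!server) print "host/uri"; if (!base) print "base" }' "$1"
}

# 3. Which posixAccount attributes are absent from one entry's LDIF
#    (assumption: default RFC 2307 attribute names, no client-side remapping)?
posix_attrs_missing() {     # $1 = path to LDIF for a single entry
    for attr in uid uidNumber gidNumber homeDirectory; do
        grep -qi "^${attr}:" "$1" || printf '%s\n' "$attr"
    done
}

# Constructed sample inputs (not taken from the thread).
demo=$(mktemp -d)
printf 'passwd: files\ngroup: files ldap\n' > "$demo/nsswitch.conf"
printf '# host 127.0.0.1\nbase dc=example,dc=com\n' > "$demo/ldap.conf"
printf 'dn: uid=jdoe,ou=People,dc=example,dc=com\nuid: jdoe\nuidNumber: 1001\n' \
    > "$demo/entry.ldif"

nss_passwd_uses_ldap "$demo/nsswitch.conf" \
    || echo "nsswitch.conf: passwd line does not list ldap"
echo "ldap.conf missing: $(ldap_conf_missing "$demo/ldap.conf" | tr '\n' ' ')"
echo "entry missing: $(posix_attrs_missing "$demo/entry.ldif" | tr '\n' ' ')"
rm -rf "$demo"
```

On a real client, point the first two functions at /etc/nsswitch.conf and /etc/ldap.conf, and feed the third the LDIF for one user as the client's bind identity receives it, since that is the view any server-side attribute mapping has already been applied to.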
>