Nicolas, I just spent a week troubleshooting this very issue on an 8.10 system and got pam to assign local groups to LDAP uesrs. This method does not require groups on the LDAP server.
The trick was in */etc/pam.d/common-auth* you need: auth required pam_group.so use_first_pass to be listed before: auth required pam_ldap.so use_first_pass and this line: *; *; *; Al0000-2400;audio,cdrom,floppy,plugdev,video,fuse,scanner,dip must be added to: /etc/security/group.conf I've updated the documentation here: https://help.ubuntu.com/community/LDAPClientAuthentication See the Notes for "7.10 and laters" for the specific installation instructions that worked for me (I used auth-client-config). Nick Fengger Trillium Charter School Math & Technology Educator Information Analyst Database Programmer Technology Coordinator http://www.trilliumcharterschool.org On Wed, Nov 26, 2008 at 11:33 AM, Nicolas Roussi <nrou...@gmail.com> wrote: > First thanks to all that replied and helped for this issue. I have resolved > the issue that I was having where the LDAP users were not part of local > groups. If you are using smbldap-installer then the solution is the > following: > Add a group on the LDAP server with the same groupID as the local group > sudo smbldap-groupadd -a -g 107 -o fuse > Then add the users to this group > sudo smbldap-groupmod -m "user1,user2,..." fuse > > This did the trick. > Thanks again > -- > Nicolas Roussi > > -- > edubuntu-users mailing list > edubuntu-users@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/edubuntu-users > >
-- edubuntu-users mailing list edubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users