We use LDAP over TLS via PAM for auth, and use NSSWITCH as well. After upgrade from Hardy -> Jaunty -> Karmic, su no longer functioned, however sudo did work.
Here is what I found. When upgrading to Karmic, keeping our old /etc/pam.d/common-auth failed for su. Putting in the default common-auth from a fresh install of Karmic works.

Old /etc/pam.d/common-auth:

    auth sufficient pam_ldap.so debug
    auth sufficient pam_unix.so try_first_pass likeauth nullok
    auth required pam_deny.so
    auth required pam_nologin.so

Baseline Karmic /etc/pam.d/common-auth that works (snippet):

    # here are the per-package modules (the "Primary" block)
    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so use_first_pass
    # here's the fallback if no module succeeds
    auth requisite pam_deny.so
    # prime the stack with a positive return value if there isn't one already;
    # this avoids us returning an error just because nothing sets a success code
    # since the modules above will each just jump around
    auth required pam_permit.so

Our relevant nsswitch lines:

    passwd: files ldap
    group: files ldap
    shadow: files ldap

Relevant /etc/ldap.conf lines:

    ssl start_tls
    tls_checkpeer no

So, after "fixing" the common-auth file, su began working for us. Hope that is helpful.

--
NSS using LDAP on Karmic breaks 'su' and 'sudo'
https://bugs.launchpad.net/bugs/423252
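An added example, not part of the original message or of the Ubuntu packaging: a small Python model of the control flow in the Karmic auth stack quoted above, showing which modules run for a local user, an LDAP user and a failed login, and why the trailing pam_permit.so line is needed. It models only the control fields (plus `sufficient`); module arguments and the cause of the su failure are not modelled, and the True/False module results are constructed inputs.

```python
import re

# Karmic "Primary" auth block from the message above: (control, module).
KARMIC_AUTH = [
    ("[success=2 default=ignore]", "pam_unix.so"),
    ("[success=1 default=ignore]", "pam_ldap.so"),
    ("requisite", "pam_deny.so"),
    ("required", "pam_permit.so"),
]

def run_stack(stack, results):
    """Walk an auth stack. `results` maps module -> True/False for modules
    whose outcome depends on the credentials (constructed inputs).
    Returns (authenticated, [modules actually called])."""
    fixed = {"pam_deny.so": False, "pam_permit.so": True}
    called, ok, failed, i = [], False, False, 0
    while i < len(stack):
        control, module = stack[i]
        success = fixed.get(module, results.get(module, False))
        called.append(module)
        i += 1
        jump = re.fullmatch(r"\[success=(\d+) default=ignore\]", control)
        if jump:
            # Success skips the next N modules; any other result is ignored.
            # Assumption, following the comment in the file: a jump by itself
            # does not set a success code for the stack.
            if success:
                i += int(jump.group(1))
        elif control == "requisite":
            if not success:
                return False, called       # fail immediately
            ok = True
        elif control == "required":
            if success:
                ok = True
            else:
                failed = True              # keep going, but the stack fails
        elif control == "sufficient":
            if success and not failed:
                return True, called        # stop here with success
        else:
            raise ValueError("unsupported control: " + control)
    return ok and not failed, called

if __name__ == "__main__":
    for label, res in [("local user", {"pam_unix.so": True}),
                       ("LDAP user", {"pam_ldap.so": True}),
                       ("bad password", {})]:
        print(label, run_stack(KARMIC_AUTH, res))
```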
