I'm having difficulty getting this to work even in a basic case. I built and patched the PAM modules (pam-1.1.1), and copied the resulting pam-1.1.1/modules/pam_group/.libs/pam_group.so to /lib/security. Even after a reboot (if even necessary?), rules in /etc/security/group.conf continue to work as long as they don't reference LDAP groups. However, I can't get LDAP groups to work. I don't see any errors or warnings in /var/log/auth.log. What else can I do to debug?
I'm testing on a VM of Lucid 10.04 beta 2. Here is a test group and user I set up in OpenLDAP:

    dn: cn=testPAMGroup,ou=groups,dc=test,dc=ziesemer,dc=com
    cn: testPAMGroup
    gidnumber: 2001
    memberuid: mark-test
    objectclass: posixGroup
    objectclass: top

    dn: cn=mark-test,ou=people,dc=test,dc=ziesemer,dc=com
    cn: mark-test
    gidnumber: 2000
    givenname: Mark
    homedirectory: /home/users/mark-test
    loginshell: /bin/sh
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: Ziesemer
    uid: mark-test
    uidnumber: 10003

Line added to /etc/security/group.conf:

    *; *; %testPAMGroup; Al0000-2400; cdrom, audio, video

Test:

    $ sudo su - mark-test
    No directory, logging in with HOME=/
    $ id
    uid=10003(mark-test) gid=2000(users) groups=2000(users),2001(testPAMGroup)

Note that the session doesn't have any of the additional groups, e.g. cdrom.

If I replace the line in group.conf with:

    *; *; mark-test; Al0000-2400; cdrom, audio, video

    $ sudo su - mark-test
    No directory, logging in with HOME=/
    $ id
    uid=10003(mark-test) gid=2000(users) groups=24(cdrom),29(audio),44(video),2000(users),2001(testPAMGroup)

-- 
pam_group does support NSS groups
https://bugs.launchpad.net/bugs/297408
