On Thu, 2008-01-03 at 00:57 +0100, Petter Reinholdtsen wrote:
> [Arthur de Jong]
> > I have not tested such a setup before but from what I can see from
> > my tests is that it may be very inefficient with the current version
> > of nss-ldapd. It is better to use:
> >   passwd: files ldap
> >   group:  files ldap
> >   shadow: files ldap
> > (you also don't need the + at the end of the files in /etc any more)
>
> This is not a useful configuration for me, as I want to limit the
> visible users and groups by netgroups.  So in a production system I do
> not put + at the end of the files in /etc/, I put [EMAIL PROTECTED] there to
> control which users and groups are visible.
>
> > All this can be worked around in nss-ldapd and I've put it on the
> > TODO list but I must say that it's not a very high priority right
> > now because there is a better way to configure NSS.
>
> It would be great if it could get higher on the priority list. :)

The priority just got increased (mainly because it wasn't that difficult
to implement and even made a few pieces of code simpler) and it is
implemented with revision 556 in svn.

By the way, wouldn't it be simpler to limit which users could log in with
PAM or something like that and have NSS show all the users?

> > This does a number of lookups but nothing really interesting (except
> > for the too many queries started as mentioned above). Could you also
> > provide some output from sshd?
> 
> Not quite sure what you are asking for?  The output from sshd -dD?
> Here it is:
[...]

Thanks, that helped. The segmentation fault was caused by an error in
the new code that was only available in the svn version you used. It is
fixed now (r552).

Could you test the svn version (r556 or newer) again and see if that
fixes the problems you had? If you have any more errors with ssh could
you include the same information from ssh as before and your pam config?

Thanks.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
