If finger is not working, does chfn or the password change stuff work ? I think this is a PAM issue. However, I could be wrong.
My '/etc/pam.d/login' file looks like this and fingers work with LDAP. What does your look like ? [EMAIL PROTECTED]:/etc/pam.d$ cat login | grep -v ^# auth requisite pam_securetty.so auth requisite pam_nologin.so auth required pam_env.so auth sufficient pam_ldap.so auth required pam_unix.so nullok account sufficient pam_ldap.so account required pam_unix.so session sufficient pam_ldap.so session required pam_unix.so session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard noenv password sufficient pam_ldap.so obscure min=4 max=50 password required pam_unix.so nullok obscure min=4 max=50 My LDAP entry looks like: dn: uid=baka,ou=People,dc=somemachine,dc=org sn: Bo uid: baka shadowMax: 99999 shadowWarning: 7 mail: [EMAIL PROTECTED] mailAlternateAddress: [EMAIL PROTECTED] mailAlternateAddress: [EMAIL PROTECTED] accountStatus: active mailQuota: 20480000S mailMessageStore: /home/1001/Maildir homeDirectory: /home/1001 objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: account objectClass: qmailuser objectClass: couriermailaccount objectClass: Person objectClass: OrganizationalPerson objectClass: inetOrgPerson givenName:: V2lmZSA= o: Some Linux Users Group physicalDeliveryOfficeName:: MSBDeWJlciBTcGFjZSA= employeeNumber: 1 telephoneNumber: 911 ou: admin title:: U3VwZXIgTmVyZCA= homePostalAddress: 1 Unix Way or the Hwy. homePhone: 911-home loginShell: /bin/sh uidNumber: 1001 gidNumber: 1001 gecos: Baka,,, cn: Baka Bo userPassword:: e2NyeXB0fSQxJMU2aUpWNUxnMJUUcjFFF1FndXZHEHhkOUtqHSDRqay8= shadowLastChange: 12418 modifiersName: uid=baka,ou=People,dc=somemachine,dc=org modifyTimestamp: 20040101030654Z On 23/03/04 23:06 -0500, Stephen Gran wrote: > Hello all, > > I am having the strangest LDAP issue. We recently migrated a network > from a hodgepdge of system accounts to an all LDAP setup, with the > exception of a few administrative accounts. All seems to be working > well, except for one thing - finger. id returns the expected values, > users can log in, mail gets accepted and delivered, everything I can > think of to check works fine, except finger. > > Even stranger: > finger -m $user returns expected results, although finger $user returns > 'no such user'. Aha! I said - an indexing problem , or perhaps nscd. > Responses coming back too slow for finger. Messed about with different > indexing schemes (they are currently this: > > index gecos,cn,uid pres,eq,sub > index homeDirectory,objectClass,loginshell,gidnumber,uidnumber pres,eq > > for an ldif of: > > dn: uid=$user,ou=People,dc=ccil,dc=org > objectClass: top > objectClass: ccilAccount > objectClass: posixAccount > objectClass: ccilAddress > objectClass: ccilWorkAddress > objectClass: ccilPerson > cn: Some Guy > uid: $user > uidNumber: 11709 > gidNumber: 100 > homeDirectory: /home/u/$user > l: Smalltown > st: PA > postalCode: 12345 > userPassword:: <secret> > loginShell: /bin/bash > gecos: Some Guy > pppAccess: TRUE > emailAccess: TRUE > registered: Oct 30 22:23:16 2001 > street: 1224 Main St. > bday: 01-02-03 > telephoneNumber: 215-555-1212 > education: College Graduate > gender: Blank > > (names changed to protect the innocent)) > > Changing indexing options, running slapindex over and over, no help. > > By accident, I reran finger in my root session that was kept open as an > "I hope I don't hose something" backup plan, and it worked. Now I start > to think ACL's, nscd permissions, etc, but I see nothing out of the > ordinary. We're using a pretty close to stock Debian config for all of > this, with some minor tuning for indexing options and cache size, but > that's about it. The ACL's are the stock ones, so I really don't know > what's falling over here. Anybody have any ideas what to debug next? > > TIA, > -- > ----------------------------------------------------------------- > | ,''`. Stephen Gran | > | : :' : [EMAIL PROTECTED] | > | `. `' Debian user, admin, and developer | > | `- http://www.debian.org | > ----------------------------------------------------------------- -- ------------------------------------------ Ted Knab Chester, Maryland 21619 USA ------------------------------------------ 95f6570216275602f62637f6c6574756e202242796e67602f6e60247 865602478696e6b696e67602d616368696e6560216e6460247865602 56e64602f666028657d616e6964797e2a0
