On 12/30/2014 11:46 AM, Daniel Hagerty wrote:
Bill Horne <[email protected]> writes:
I don't see an nsswitch.conf file on the machine.

os-x isn't nss based.  Apple does their own thing here, and it's
been different from release to release.  See if "dscl" is still there;
it is/was the direct introspection tool for all things going through
their nss-alike.

"Dscl" is present, but I followed your next suggestion first ...

Also, double check that the unix basics really do what
you expect with:

perl -MData::Dumper -e 'print Dumper([getpwnam("billhorne")])'

for both local and ldap sourced users.  You should get something that
looks like the fields of a V7 passwd file.

Here's the printout:

perl -MData::Dumper -e 'print Dumper([getpwnam("billhorne")])'

$VAR1 = [
          'billhorne',
          '********',
          1025,
          20,
          0,
          '',
          'William Horne',
          '/dev/null',
          '/usr/bin/false',
          0
        ];


... and the "billhorne" ID does NOT have access to sftp or ssh at this point.

Here's the result after I entered a "test" user, by hand, using the Server program. I created the ID, and manually gave it (the user id) ftp and "file transfer" privileges.

perl -MData::Dumper -e 'print Dumper([getpwnam("williamwarren")])'

$VAR1 = [];

noaasrs2:~ administrator$ perl -MData::Dumper -e 'print Dumper([getpwnam("adamant")])'

$VAR1 = [
          'adamant',
          '********',
          1030,
          20,
          0,
          '',
          'Adam Ant',
          '/Users/adamant',
          '/bin/bash',
          0
        ];



... and the "adamant" ID *IS* able to access sftp, ssh, and ftp.

So, I modified the "billhorne" id, by changing the "Home folder" from "None - Services Only" to "Local only", and also by deleting all the groups it was a member of, and authorizing the id for "File Sharing", "SSH", and "FTP" as a single user.

$VAR1 = [
          'billhorne',
          '********',
          1025,
          20,
          0,
          '',
          'William Horne',
          '/Users/billhorne',
          '/bin/bash',
          0
        ];

And, now "billhorne" can use ssh and sftp.

Which brings up a lot of questions, which I'd appreciate your help answering:

1. Does every Open Directory user have to have a "home" directory on the master server "/Users" branch, or can it be placed elsewhere or left on the user's workstation?

2. How would you chroot network users with local "home" directories so that they're blocked from using them, and limited to the same branch as ftp users?

3. I know that I'm not supposed to be able to change the passwords of imported users, but I seem to be unable to change the password of *ANY* user! I "cntl-click" on the uid, but I never get anything except the choices to modify the user or change what services it has access to (and an option to change mail, but this isn't a mail server). What's the procedure to change the password of each type of network user?

Bill
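
The getpwnam() comparison in this message comes down to two passwd fields, the home directory and the shell. As an added example (not part of the original post), this Python sketch applies that check to the records shown above, retyped as constructed sample lists. The names `check_entry` and `from_system`, the list of non-login shells, and the premise that sshd starts sftp through the user's shell are assumptions of the example; it does not look at the per-service authorizations that were also changed in the Server program.

```python
import os
import pwd

# Field order of the list Perl's getpwnam() returns (what Dumper printed).
FIELDS = ("name", "passwd", "uid", "gid", "quota", "comment",
          "gecos", "dir", "shell", "expire")
# Assumed list of shells that exit immediately instead of starting a session.
NON_LOGIN_SHELLS = {"/usr/bin/false", "/bin/false",
                    "/sbin/nologin", "/usr/sbin/nologin"}

def from_system(name):
    """Look the user up through the host's own name service."""
    try:
        p = pwd.getpwnam(name)
    except KeyError:
        return []  # same result the post shows for an unresolved name
    return [p.pw_name, p.pw_passwd, p.pw_uid, p.pw_gid, 0, "",
            p.pw_gecos, p.pw_dir, p.pw_shell, 0]

def check_entry(entry, is_dir=os.path.isdir):
    """Return reasons a shell-based ssh/sftp session would fail for entry."""
    if not entry:
        return ["no passwd entry: name does not resolve on this host"]
    rec = dict(zip(FIELDS, entry))
    findings = []
    if rec["shell"] in NON_LOGIN_SHELLS:
        findings.append("shell %s exits at once, so ssh and an external "
                        "sftp-server cannot start" % rec["shell"])
    if not is_dir(rec["dir"]):
        findings.append("home %s is not a directory, so there is no "
                        "~/.ssh/authorized_keys to read" % rec["dir"])
    return findings

# Constructed sample input: the records shown in the post, retyped as lists.
SAMPLES = {
    "billhorne (before)": ["billhorne", "********", 1025, 20, 0, "",
                           "William Horne", "/dev/null", "/usr/bin/false", 0],
    "williamwarren": [],
    "adamant": ["adamant", "********", 1030, 20, 0, "",
                "Adam Ant", "/Users/adamant", "/bin/bash", 0],
    "billhorne (after)": ["billhorne", "********", 1025, 20, 0, "",
                          "William Horne", "/Users/billhorne", "/bin/bash", 0],
}

if __name__ == "__main__":
    # /Users/* will not exist off the server, so stub the directory test.
    on_server = lambda path: path.startswith("/Users/")
    for label, entry in SAMPLES.items():
        print(label, "->", check_entry(entry, on_server) or "looks login-capable")
```

On the server itself, `check_entry(from_system("billhorne"))` runs the same check against the live directory lookup.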