It's done with the /etc/nsswitch.conf file. If you specify "files,ldap" the system looks at the local files first, then tries LDAP if not found there.
Mark Post -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of James Melin Sent: Wednesday, April 21, 2004 11:12 AM To: [EMAIL PROTECTED] Subject: Re: /etc/passwd and /etc/shadow - synchronized on multiple images Ahh, there's the rub... how do you set up linux so users authenticate against LDAP but root, db2inst1, da1usr, snort, squid and so on, do not. "Post, Mark K" <[EMAIL PROTECTED] m> To Sent by: Linux on [EMAIL PROTECTED] 390 Port cc <[EMAIL PROTECTED] IST.EDU> Subject Re: /etc/passwd and /etc/shadow - synchronized on multiple images 04/21/2004 10:07 AM Please respond to Linux on 390 Port <[EMAIL PROTECTED] IST.EDU> James, Are you talking about system administrator accounts, or user accounts? As Thomas said, using LDAP, with or without Kerberos, etc., would be a good idea, but _not_ for those accounts that need to be able to login to fix problems with those kinds of tools. You won't be happy if LDAP isn't working, and you can't login to fix it, because both your account and the root account need LDAP to be available. Keeping things consistent across images for those so-called "local" accounts isn't particularly easy, when done manually, but I'm not aware of any good, free, tools to do that. What I've done, when creating new images, is copy the parts of /etc/passwd and /etc/shadow that have UIDs for real people to the new system, append it to the production copies, and then run a script that copies their existing home directories from a "source" system, and then does a "chown -R " on it. Mark Post -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of James Melin Sent: Wednesday, April 21, 2004 9:24 AM To: [EMAIL PROTECTED] Subject: /etc/passwd and /etc/shadow - synchronized on multiple images What is the best method to duplicate the user list, GID/UID assignments for users on multiple Linux guests and keep them consistent? ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
