Marcy,

We are connecting to Win2K3 (not R2) AD using nss_ldap + pam_kerberos (not Vintela). Works fine for us.
** [OUTPUT OF ID COMMAND OBFUSCATED TO PROTECT THE INNOCENT]

linux249:/var/log # cat /etc/passwd | grep tstjrw
linux249:/var/log # su - tstjrw -c id;echo $?
uid=[MASKED](tstjrw) gid=[MASKED]([MASKED]) groups=[MASKED]
0
linux249:/var/log # cat /etc/passwd | grep tst000
tst000:x:[MASKED]:[MASKED]:[MASKED]:/home/tst000:/bin/bash
linux249:/var/log # su - tst000 -c id;echo $?
uid=[MASKED](tst000) gid=[MASKED]([MASKED]) groups=[MASKED]
0

Marcy Cortes <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[email protected]>
10/10/2006 03:23 PM
Please respond to Linux on 390 Port <[email protected]>
To [email protected]
cc
Subject [LINUX-390] Odd problem with SU command

Running Sles9x, SP3.

We have sw installed that authenticates users against Active Directory using pam.d stuff (Vintela VAS). Those users don't have to be in /etc/passwd at all. In trying to install db2, we needed to create a local userid. Fine, no problem this is supported. But the su command returns rc 1 if the user is local and rc 0 if the user is VAS. This makes the db2icrt script fail.

Was wondering if someone out there is also using an off server authentication method could check and see if it fails for them too?

From root:

su (localuser) -c id
echo $?
su (non-localuser) -c id
echo $?

Return code 1 is supposed to mean su failed, but su doesn't fail - we do get the results of the command properly. The RH Intel Linux servers don't have this problem and removing the VAS calls from /etc/pam.d/su didn't seem to make a difference either.

We're reporting it to support, but was hoping to narrow it down to whose support :)

Marcy Cortes

"This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message.
Thank you for your cooperation."

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
