On Wednesday, 1 December 2010 22:37:56 Anton Chu wrote:
> I've set up an Ubuntu 10.10 LDAP client to authenticate off my LDAP server.
> I've installed the following:
>
> sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db
> nscd ldap-utils pam_ccreds
>
> Here's my /etc/nsswitch.conf:
>
> passwd: files ldap [NOTFOUND=return] db
>
> group: files ldap [NOTFOUND=return] db
>
> shadow: files ldap
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> I can nss_updatedb ldap successfully:
> # nss_updatedb ldap
> passwd... done.
> group... done.
>
> I can getent passwd, getent passwd shadow, getent group just fine and
> they all show all my ldap users.

Please compare these two:

$ getent passwd |grep tony
$ getent passwd tony

If the first succeeds (returns a line looking like /etc/passwd), and the
second fails (returns nothing), then you probably have a negative cache
from nscd. Stop nscd, and test again.

> However, I cannot do an id ldapuser
>
> ex:
> $ id tony
> id: tony: No such user

[...]

> ID works just fine with my local users on my local machine so somehow
> it's not able to read the ldap users.
>
> Any insights appreciated.

In some environments, I do use nss_ldap+nss_db/nss_updatedb+nscd, but one
of the newer options (e.g. sssd) may be a better option.

Regards,
Buchan
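The comparison Buchan suggests, wrapped into a small diagnostic script. This is an added example, not code from the thread or from the nss_ldap/nscd projects: it runs the same two getent forms for one account and names the likely cause from the four possible outcomes. The only change from Buchan's command is that the enumeration check is anchored to the start of the line (`^user:`) so that a substring match on another account does not give a false positive. The function names and the "yes/no" argument convention are the author's own choice.

```shell
#!/bin/sh
# Added example: classify the outcome of "getent passwd | grep user" versus
# "getent passwd user" to spot an nscd negative cache, as described in the reply.

# classify <found_in_enumeration> <found_by_direct_lookup>
# Each argument is "yes" or "no"; prints a one-word diagnosis.
classify() {
    case "$1/$2" in
        yes/no)  echo "negative-cache-suspected" ;;  # enumeration lists the user, keyed lookup fails
        yes/yes) echo "consistent" ;;                # both lookups agree; NSS is fine for this user
        no/no)   echo "not-found" ;;                 # no NSS source knows the user at all
        no/yes)  echo "enumeration-missing" ;;       # keyed lookup works, enumeration skips a source
        *)       echo "bad-arguments"; return 1 ;;
    esac
}

# check_user <name>: run the two lookups on this host and classify the result.
check_user() {
    user="$1"
    # Enumeration path: full passwd listing, anchored to "name:" at line start.
    if getent passwd | grep -q "^${user}:"; then enum=yes; else enum=no; fi
    # Keyed path: a direct lookup by name, which is what id(1) uses.
    if getent passwd "$user" >/dev/null 2>&1; then direct=yes; else direct=no; fi
    classify "$enum" "$direct"
}

# Usage: check_user tony
# On "negative-cache-suspected", stop nscd (e.g. "sudo service nscd stop" on
# Ubuntu 10.10) and run check_user again; if it then reports "consistent",
# the stale negative entry was the problem.
```

Running `check_user tony` on the original poster's box would be expected to print `negative-cache-suspected`, which is exactly the pattern Buchan describes: the enumeration succeeds while the keyed lookup (the one `id` relies on) returns nothing. Stopping nscd clears the cache; glibc's nscd can also drop a single table with `nscd -i passwd` if you prefer not to stop the daemon.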
