All,

I'm hoping someone can point me in the right direction for solving this issue. I'm trying to set up my NSS to use ldap via PAM (nss_ldap). From all the docs, this should be a piece of cake. Not for me though! I'm running on Gentoo Linux with OpenLDAP 2.1.26.

From what I've read, I have to configure the following files:

1. /etc/ldap.conf
2. /etc/nsswitch.conf
3. /etc/pam.d/system-auth

Here's what I put in each file:

ldap.conf:

    host 127.0.0.1
    base dc=tarity,dc=com
    binddn cn=Manager,dc=tarity,dc=com
    bindpw PASSWORD
    pam_password exop
    scope sub
    nss_base_passwd ou=People,dc=tarity,dc=com
    nss_base_shadow ou=People,dc=tarity,dc=com
    nss_base_group ou=Group,dc=tarity,dc=com

nsswitch.conf: (modified these three lines)

    passwd: files ldap
    shadow: files ldap
    group: files ldap
    ...

/etc/pam.d/system-auth (added the following lines)

    auth sufficient /lib/security/pam_ldap.so
    account sufficient /lib/security/pam_ldap.so
    password sufficient /ib/security/pam_ldap.so use_first_pass use_authtok
    session sufficient /lib/security/pam_ldap.so

I've populated the LDAP database to be used as a Windows domain controller, so I should have Domain and Administrator entries in the LDAP database and NOT in the group or passwd files.

Testing the system, I SHOULD get results returned when I use these commands:

    getent group | grep Domain
    getent passwd | grep Administrator

I'm pretty sure it's a config issue since I don't have anything showing up in my ldap log file. I don't have any log messages of the command at all (which is why I'm now stumped)!

Does anyone see a configuration error that I might have, or have any advice for troubleshooting this issue?

On a side note...I now get 2 password fields whenever I su.

    $su
    Password:
    Password:

Would this be trying to authenticate via ldap, and then unix? I'm guessing this is due to a configuration change. When I make these changes, do I need to restart a daemon?

Thanks!

Kevin Williams
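A static check for the kind of setup described in the message above, as an added example that is not part of the original post: it reports which of passwd/shadow/group lack `ldap` in nsswitch.conf and which PAM module paths do not exist on disk. The function names, the `PAM_DIR` variable and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): static checks on an nss_ldap/pam_ldap setup.

# Print each of passwd/shadow/group whose nsswitch.conf entry lacks "ldap".
nss_missing_ldap() {                       # $1 = nsswitch.conf path
    for db in passwd shadow group; do
        awk -v db="$db" '
            { sub(/#.*/, "") }             # strip comments
            $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
            END { if (!ok) print db }' "$1"
    done
}

# Print "line N: path" for every PAM module path that is not an existing file.
# Bare module names are resolved under $PAM_DIR (assumed default: /lib/security).
pam_missing_modules() {                    # $1 = PAM service file path
    awk '
        { sub(/#.*/, "") }
        $1 ~ /^-?(auth|account|password|session)$/ {
            m = 3                          # module is field 3 ...
            if ($2 ~ /^\[/) {              # ... unless control is "[a=b c=d]"
                for (m = 2; m <= NF && $m !~ /\]$/; m++) ;
                m++
            }
            if (m <= NF) print NR, $m
        }' "$1" |
    while read -r n mod; do
        case $mod in /*) ;; *) mod="${PAM_DIR:-/lib/security}/$mod" ;; esac
        [ -f "$mod" ] || echo "line $n: $mod"
    done
}

# Constructed sample files (hypothetical contents) written to directory $1.
write_sample() {
    : > "$1/pam_ldap.so"                   # stand-in for an installed module
    printf '%s\n' 'passwd: files ldap' 'shadow: files # ldap' \
        'group: files ldap' > "$1/nsswitch.conf"
    printf '%s\n' "auth sufficient $1/pam_ldap.so" \
        "password [success=1 default=ignore] $1/pam_missing.so use_authtok" \
        > "$1/system-auth"
}

if [ $# -eq 2 ]; then                      # usage: sh check.sh NSSWITCH PAMFILE
    nss_missing_ldap "$1"
    pam_missing_modules "$2"
fi
```

Run against the live files, empty output from both functions means the name-service and PAM entries at least point at things that exist, which narrows the search to the LDAP connection itself.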
