AH!  I finally figured it out (Learned all about strace in the process :) )

As an FYI--if anyone out there is installing/using Gentoo, and is
thinking about Kerberos, make sure you don't use both krb4 and kerberos
(different distributors) in your USE flags.  The system gets confused as
to which to use!

Kevin

On Sun, 2004-07-25 at 23:23, Kevin Williams wrote:
> All,
> 
> I'm hoping someone can point me in the right direction for solving this
> issue.  I'm trying to set up my NSS to use LDAP via PAM (nss_ldap).  From
> all the docs, this should be a piece of cake.  Not for me though!  I'm
> running on Gentoo Linux with OpenLDAP 2.1.26.
> 
> From what I've read, I have to configure the following files:
> 1. /etc/ldap.conf
> 2. /etc/nsswitch.conf
> 3. /etc/pam.d/system-auth
> 
> Here's what I put in each file:
> ldap.conf:
> 
> host 127.0.0.1
> base dc=tarity,dc=com
> binddn cn=Manager,dc=tarity,dc=com
> bindpw PASSWORD
> pam_password exop
> scope sub
> nss_base_passwd ou=People,dc=tarity,dc=com
> nss_base_shadow ou=People,dc=tarity,dc=com
> nss_base_group  ou=Group,dc=tarity,dc=com
> 
> nsswitch.conf:
> (modified these three lines)
> passwd: files ldap
> shadow: files ldap
> group: files ldap
> ...
> 
> /etc/pam.d/system-auth (added the following lines)
> auth sufficient /lib/security/pam_ldap.so
> account sufficient /lib/security/pam_ldap.so
> password sufficient /lib/security/pam_ldap.so use_first_pass use_authtok
> session sufficient /lib/security/pam_ldap.so
> 
> I've populated the LDAP database to be used as a windows domain controller,
> so I should have Domain and Administrator entries in the LDAP Database and
> NOT in the group or passwd files.  Testing the system, I SHOULD get results
> returned when I use this command:
> getent group | grep Domain
> getent passwd | grep Administrator
> 
> I'm pretty sure it's a config issue since I don't have anything showing up
> in my ldap log file.  I don't have any log messages of the command at all
> (which is why I'm now stumped)!  Does anyone see a configuration error that
> I might have, or have any advice for troubleshooting this issue?
> 
> On a side note...I now get 2 password fields whenever I su.
> $su
> Password:
> Password:
> 
> Would this be trying to authenticate via ldap, and then unix?  I'm guessing
> this is due to a configuration change.  When I make these changes, do I need
> to restart a daemon?
> 
> Thanks!
> 
> Kevin Williams
> 
> 
> _______________________________________________
> PDXLUG mailing list
> [EMAIL PROTECTED]
> http://pdxlug.org/mailman/listinfo/pdxlug
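
An added example, not part of the original thread: a small lint over the two kinds of file quoted above, flagging a bind password kept in an ldap.conf that every local user can read and PAM module paths that point outside the module directory. The sample inputs are constructed, and the function names and MODULE_DIRS list are assumptions.

```python
import stat

# Assumption: directories where PAM modules are installed on this host.
MODULE_DIRS = ("/lib/security/", "/lib64/security/")

def lint_ldap_conf(text, mode):
    """Findings for an nss_ldap/pam_ldap ldap.conf, given its text and st_mode."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip()
    findings = []
    # nss_ldap reads this file in every process doing a lookup, so it is
    # normally world-readable; a bindpw in it is then exposed to all users.
    if "bindpw" in opts and mode & stat.S_IROTH:
        findings.append("bindpw for %s is readable by every local user"
                        % opts.get("binddn", "(no binddn)"))
    return findings

def lint_pam(text):
    """Findings for PAM stack lines of the form: type control module [args]."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        idx = 2
        if fields[1].startswith("["):  # bracketed control may contain spaces
            while idx <= len(fields) and not fields[idx - 1].endswith("]"):
                idx += 1
        if idx >= len(fields):
            continue
        module = fields[idx]
        # Bare names are resolved by PAM itself; explicit paths are checked.
        if "/" in module and not module.startswith(MODULE_DIRS):
            findings.append("line %d: module path %s is outside %s"
                            % (number, module, ", ".join(MODULE_DIRS)))
    return findings

# Constructed sample input (not the poster's real files).
SAMPLE_LDAP_CONF = "host 127.0.0.1\nbinddn cn=Manager,dc=example,dc=com\nbindpw PLACEHOLDER\n"
SAMPLE_PAM = ("auth sufficient /lib/security/pam_ldap.so\n"
              "password sufficient /ib/security/pam_ldap.so use_first_pass\n"
              "session [success=1 default=ignore] pam_ldap.so\n")

if __name__ == "__main__":
    for finding in lint_ldap_conf(SAMPLE_LDAP_CONF, 0o100644) + lint_pam(SAMPLE_PAM):
        print(finding)
```

nss_ldap and pam_ldap also accept `rootbinddn` with the password in a root-only `/etc/ldap.secret`, which keeps the privileged credential out of the file ordinary users must be able to read.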