Hi,
Try adding "pam_check_host_attr yes" in your /etc/ldap.conf. Your host: blah.example.com in LDAP for each entry and the system FQDN have to match. See pam_ldap(5) for more info. For example:

    ssl start_tls
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5
    uri ldap://first/ ldap://second/
    base dc=example, dc=com
    pam_filter objectclass=account
    pam_login_attribute uid
    pam_check_host_attr yes
    pam_min_uid 500
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon

HTH :)

Kaj

On Oct 7, 2008, at 12:44, Simon Blunt wrote:
> So a user must have the host:somehostname attribute (or host:*) to log in to a given server. This works, but doesn't scale. I must be overlooking something. This final step can't really be missing: can I really not have a host lookup Can anyone nudge me in the right direction?

Kaj
--
Kaj J. Niemi <[EMAIL PROTECTED]> +358 45 63 12000
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
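
An added example, not part of the original message: a small audit that lists which accounts could log in to a given server once pam_check_host_attr is enabled, and which accounts carry the host:* wildcard. The matching rule is an assumption taken from the thread (a host value equal to the system FQDN, or "*", permits login; comparison is case-insensitive), and the LDIF entries are constructed sample data.

```python
# Constructed sample directory export (simple LDIF, no base64 or folded lines).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
host: blah.example.com

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
host: other.example.com
host: BLAH.example.com

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
host: *

dn: uid=dave,ou=People,dc=example,dc=com
uid: dave
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (blank-line separated)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def host_allowed(entry, fqdn):
    """Assumed rule: login needs a host value equal to the FQDN, or '*'."""
    hosts = [h.lower() for h in entry.get("host", [])]
    return "*" in hosts or fqdn.lower() in hosts

def audit(text, fqdn):
    """Return (uids allowed on fqdn, uids holding the host:* wildcard)."""
    allowed, wildcard = [], []
    for entry in parse_ldif(text):
        uid = entry.get("uid", ["?"])[0]
        if host_allowed(entry, fqdn):
            allowed.append(uid)
        if "*" in entry.get("host", []):
            wildcard.append(uid)
    return allowed, wildcard
```

Reviewing the wildcard list periodically matters because a host:* entry grants login on every server that uses this check.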
