Hi, I got it working - thanks. I *was* using getent, and I was still getting back info about users not listed in /etc/passwd (using +user). I then noticed (after I had already sent my earlier mail) that all of them were listed with shell '/bin/false'. I had a line '+::::::/bin/false' as the last line in /etc/passwd, and wasn't reading the complete output from getent. Once I noticed that I was able to troubleshoot things rather quickly. Thanks again for your help. brian. On Wed, 2004-01-28 at 15:23, Nalin Dahyabhai wrote: > On Wed, Jan 28, 2004 at 01:47:35PM -0500, Brian K. Jones wrote: > > I've asked this question before, and on several other mailing lists, but > > no answer yet. > > > > I want to be able to authenticate users using 'compat' against an ldap > > directory, such that this notation works (in nsswitch.conf) > > > > passwd: compat > > passwd_compat: ldap > > > > I've heard rumours that this does work in RHEL 3, so I'm trying to > > figure out what the magic incantation is to get it working in FC 1. > > Under FC1, the syntax in nsswitch doesn't cause an error - but it > > doesn't enforce the '+username' notation in /etc/passwd either - > > anyone with a valid account on the ldap server gets in. Presumably, > > this is a glibc-specific, and not a nss_ldap-specific issue, since > > libnss_compat is bundled with glibc. > > First, check that you have glibc 2.3.2-58 or newer -- its changelog > suggests that this is a minimum. Then, bypass login and check what > applications get from glibc to make sure you understand what's going on > (i.e., start with the basics and work your way up). > > Do that by running "getent passwd" to get the entire list of users which > are visible to your system. Or try "getent passwd username" to check if > applications can look up information about a particular user. Check > this both as "root" and as an unprivileged user to make sure you don't > have a permissions problem somewhere on the client system. > > If that all works (and it did on my test box), then the problem may be > something else. > > HTH, > > Nalin >
