Thank you for the response.

I checked permissions; bob can read (with less) the file.
I also checked /etc/pam.d: that one and system-auth in there were 700 and 600, and I changed that to 755 and 644 (not sure what they are supposed to be).
But it didn't fix it either...

Do you have another idea?

Thanks,
MARK

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Nalin Dahyabhai
> Sent: Thursday, October 21, 2004 10:49 AM
> To: fedora-list@xxxxxxxxxx
> Subject: Re: Authentication and group/username resolving problem
>
>
> On Thu, Oct 21, 2004 at 10:37:22AM -0700, Mark wrote:
> > I have LDAP setup to do userid, groupid and password handling for me.
> > I added "ldap" to 3 categories in nsswitch: passwd, shadow and group
> > Do I need to add LDAP to any others?
> >
> > The problem I have is the following:
> > I can logon with a user (for example bob) that is setup in the LDAP
> > directory and does not exist locally.
> > When bob logs in, there are error messages saying:
> > id: cannot find name for user ID 20002
> > id: cannot find name for group ID 20001
> > id: cannot find name for group ID 20003
> > id: cannot find name for group ID 20002
> > id: cannot find name for group ID 20000
> >
> > If bob does "finger bob" or "groups bob", it says no such user.
> >
> > If root does "finger bob" or "groups bob", everything comes up fine.
> >
> > Is this a permission problem that prevents users other than root to use
> > LDAP?
>
> Nine times out of ten, this means that the permissions on
> /etc/nsswitch.conf are set up so that root can read it but bob can't, so
> applications which bob runs fall back to glibc's compiled-in defaults
> for the settings which are stored in that file.
>
> HTH,
>
> Nalin