On Wed, 2005-10-26 at 10:08 -0400, Yang Xiao wrote:
> Hi all,
> I'm running openldap-2.2.23-5 on FC4 with nss_ldap. I was able to start
> the server and populate the db using smbldap-tool; ldapsearch works,
> smbldap-useradd works, but I can't seem to make name switch work. I
> tried both "files ldap" and "compat ldap" for passwd/shadow/group; PAM
> system-auth seems to be ok.
> I think I should be able to see the ldap users when I do "getent
> passwd", but this only shows the passwd file content.
> Please help!
>
> Many thanks!
>
> - Yang
>
> #system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
>
> account     required      /lib/security/$ISA/pam_unix.so broken_shadow
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
> account     required      /lib/security/$ISA/pam_permit.so
>
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
>
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
>
> #NSSWITCH
>
> passwd:     compat ldap
> group:      compat ldap
>
> hosts:      files dns
> networks:   files dns
>
> services:   files ldap
> protocols:  files ldap
> rpc:        files
> ethers:     files
> netmasks:   files
> netgroup:   files ldap
> publickey:  files
>
> bootparams: files
> automount:  files ldap
> aliases:    files
>
> shadow:     compat ldap
>
> #/etc/ldap.conf
>
> host: 127.0.0.1
> base dc=xxx,dc=com
> # stored in /etc/ldap.secret (mode 600)
> rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com
>
> nss_base_passwd ou=Users,dc=xxx,dc=com?one
> nss_base_passwd ou=Computers,dc=xxx,dc=com?one
> nss_base_shadow ou=Users,dc=xxx,dc=com?one
> nss_base_group  ou=Groups,dc=xxx,dc=com?one
>
> pam_password md5
> ssl no

----

It looks pretty good... what happens when you try from the command line?

ldapsearch -x -h 127.0.0.1 -D 'cn=nssldap,ou=DSA,dc=xxx,dc=com' \
    -W '(objectclass=*)' | grep uid

Does it list users? Obviously the password you use 'MUST' be the same password you have in /etc/ldap.secret for this to simulate what you are trying to do.

Craig
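Craig's ldapsearch test exercises the server side. The script below is an added example, not from the thread, that checks the client-side files Yang posted before any network traffic is involved: whether nsswitch.conf really routes passwd/shadow/group to ldap, what nss_ldap will read out of ldap.conf, whether any directive was written with a colon after the keyword (ldap.conf(5) documents the bare form, `host 127.0.0.1`, so a `host:` line is worth double-checking), and whether /etc/ldap.secret, which holds the rootbinddn password, exists with mode 600. The last function is Craig's end-to-end comparison of what the directory returns against what getent passwd shows; it needs ldapsearch and getent and is the only part that touches the server. The file names in the usage comment and the script name are assumptions.

```shell
#!/bin/sh
# Added client-side checks for the symptom above ("getent passwd" shows only
# /etc/passwd). Not from the thread. Every check takes an explicit path so it
# can be run against copies of /etc/nsswitch.conf, /etc/ldap.conf and
# /etc/ldap.secret; nothing here needs the directory except the last function.

# nss_has_ldap FILE DB: exit 0 if DB (passwd, shadow, group, ...) lists "ldap"
# as one of its sources in an nsswitch.conf. Comments are stripped and a
# missing space after the colon ("passwd:compat ldap") is tolerated.
nss_has_ldap() {
    conf=$1
    db=$2
    sed 's/#.*//; s/:/: /' "$conf" | awk -v db="$db" '
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }'
}

# ldap_conf_get FILE KEY: print the value of an nss_ldap/pam_ldap ldap.conf
# directive. ldap.conf(5) directives are a bare keyword followed by
# whitespace ("base dc=xxx,dc=com"); only the first match is printed, so a
# repeated nss_base_passwd yields its first search base.
ldap_conf_get() {
    conf=$1
    key=$2
    sed 's/#.*//' "$conf" | awk -v key="$key" '
        tolower($1) == key { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }'
}

# ldap_conf_colon_keys FILE: print keywords written with a trailing colon
# ("host: 127.0.0.1"). That is not the documented form, so such a line is
# worth checking against ldap.conf(5) before assuming it took effect.
ldap_conf_colon_keys() {
    sed 's/#.*//' "$1" | awk 'NF >= 2 && $1 ~ /:$/ { print $1 }'
}

# secret_file_ok FILE: rootbinddn makes root's lookups bind with the password
# kept in ldap.secret, so the file must exist and be readable by owner only.
secret_file_ok() {
    f=$1
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# compare_nss_vs_ldap LDAP_CONF: Craig's check, end to end. Pull the uids the
# server returns under the first nss_base_passwd and diff them against getent.
# Binds as rootbinddn and prompts for the password (-W), as in the thread;
# ldapsearch -y would use the complete contents of ldap.secret, so a trailing
# newline in that file would become part of the password.
compare_nss_vs_ldap() {
    conf=$1
    base=$(ldap_conf_get "$conf" nss_base_passwd | sed 's/?.*//')
    rootdn=$(ldap_conf_get "$conf" rootbinddn)
    ldap_uids=$(mktemp)
    nss_uids=$(mktemp)
    ldapsearch -x -h 127.0.0.1 -D "$rootdn" -W -b "$base" \
        '(objectClass=posixAccount)' uid |
        awk '$1 == "uid:" { print $2 }' | sort > "$ldap_uids"
    getent passwd | cut -d: -f1 | sort > "$nss_uids"
    echo "users returned by LDAP but missing from getent passwd:"
    comm -23 "$ldap_uids" "$nss_uids"
    rm -f "$ldap_uids" "$nss_uids"
}

# Usage (assumed script name):
#   sh nss-ldap-check.sh /etc/nsswitch.conf /etc/ldap.conf /etc/ldap.secret
if [ $# -eq 3 ]; then
    for db in passwd shadow group; do
        if nss_has_ldap "$1" "$db"; then
            echo "nsswitch: $db consults ldap"
        else
            echo "nsswitch: $db does NOT consult ldap"
        fi
    done
    echo "ldap.conf base: $(ldap_conf_get "$2" base)"
    echo "ldap.conf rootbinddn: $(ldap_conf_get "$2" rootbinddn)"
    for k in $(ldap_conf_colon_keys "$2"); do
        echo "ldap.conf: '$k' has a trailing colon; compare with ldap.conf(5)"
    done
    if secret_file_ok "$3"; then
        echo "ldap.secret: present, mode 600"
    else
        echo "ldap.secret: missing or not mode 600"
    fi
fi
```

Run against the posted files, the nsswitch checks pass for passwd, shadow and group, `ldap_conf_get ... host` prints nothing while `ldap_conf_colon_keys` reports `host:`, and the secret-file check confirms the mode 600 the config comment promises. Only once those are clean is `compare_nss_vs_ldap` worth running, since it is the step that actually needs the bind password.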