I've set up an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've installed the following:
sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds
Here's my /etc/nsswitch.conf:
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
I can nss_updatedb ldap successfully:
# nss_updatedb ldap
passwd... done.
group... done.
I can getent passwd, getent passwd shadow, getent group just fine and they all show all my ldap users.
However, I cannot do an id ldapuser
ex:
$ id tony
id: tony: No such user
Here's my auth.log:
Dec 1 21:08:17 webdev120 sshd[14765]: pam_unix(sshd:auth): check pass; user unknown
Here's my syslog:
sshd[14648]: Libgcrypt warning: missing initialization - please fix the application
Here's my /etc/pam.d/common-auth:
auth [success=4 default=ignore] pam_unix.so nullok_secure
auth [success=3 default=ignore] pam_ldap.so use_first_pass
auth [success=2 default=ignore] pam_ccreds.so minimum_uid=1000 action=validate use_first_pass
auth [default=ignore] pam_ccreds.so minimum_uid=1000 action=update
# here's the fallback if no module succeeds
#auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
#auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_ccreds.so minimum_uid=1000 action=store
# end of pam-auth-update config
Here's my /etc/pam.d/common-account:
# here are the per-package modules (the "Primary" block)
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
ID works just fine with my local users on my local machine so somehow it's not able to read the ldap users.
Any insights appreciated.
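Added example, not part of the original post: a Python check that resolves the success=N jumps in the auth stack quoted above, where the pam_deny.so and pam_permit.so lines are commented out but the jump counts are unchanged. The function names are hypothetical and the embedded stack is a sample constructed from the post's common-auth lines.

```python
import re

# Constructed sample: the auth rules from the post, one rule per line,
# including the two commented-out fallback lines.
COMMON_AUTH = """\
auth [success=4 default=ignore] pam_unix.so nullok_secure
auth [success=3 default=ignore] pam_ldap.so use_first_pass
auth [success=2 default=ignore] pam_ccreds.so minimum_uid=1000 action=validate use_first_pass
auth [default=ignore] pam_ccreds.so minimum_uid=1000 action=update
#auth requisite pam_deny.so
#auth required pam_permit.so
auth optional pam_ccreds.so minimum_uid=1000 action=store
"""

# type, control (bracketed or single word), module, optional arguments
RULE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text, mgmt="auth"):
    """Return the active rules of one management group as (control, module, args)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # commented-out rules do not count toward jump offsets
        m = RULE.match(line)
        if m and m.group(1) == mgmt:
            rules.append((m.group(2), m.group(3), m.group(4)))
    return rules

def resolve_jumps(rules):
    """For each success=N control, report where the jump lands and what it skips."""
    out = []
    for i, (control, module, _args) in enumerate(rules):
        m = re.search(r"\bsuccess=(\d+)", control)
        if not m:
            continue
        target = i + 1 + int(m.group(1))  # success=N skips the next N rules
        landing = rules[target][1] if target < len(rules) else "END OF STACK"
        skipped = [f"{r[1]} {r[2]}".strip() for r in rules[i + 1:target]]
        out.append((module, landing, skipped))
    return out

def has_deny_fallback(rules):
    """True if an active pam_deny.so rule remains as the fail-closed fallback."""
    return any(mod == "pam_deny.so" for _, mod, _ in rules)

if __name__ == "__main__":
    rules = parse_stack(COMMON_AUTH)
    for module, landing, skipped in resolve_jumps(rules):
        print(f"{module}: success jumps to {landing}, skipping {len(skipped)} rule(s)")
    print("pam_deny.so fallback active:", has_deny_fallback(rules))
```

On the stack as posted, every success jump runs past the last rule, so the pam_ccreds.so action=store line is skipped on success and no pam_deny.so fallback is active; with the two commented lines restored, the same counts land on pam_permit.so.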