Ok here's what you suggested:
root@webtest111:/etc/pam.d# id tony
id: tony: No such user
root@webtest111:/etc/pam.d# getent passwd tony
root@webtest111:/etc/pam.d# getent passwd | grep tony
tony:x:1005:10000:Tony Montana:/home/tony:/bin/bash
root@webtest111:/etc/pam.d# /etc/init.d/nscd stop
- Stopping Name Service Cache Daemon nscd [ OK ]
root@webtest111:/etc/pam.d# getent passwd | grep tony
tony:x:1005:10000:Tony Montana:/home/tony:/bin/bash
root@webtest111:/etc/pam.d# getent passwd tony
root@webtest111:/etc/pam.d#
I'll start a reinstall of the other packages instead of libnss-ldap and libpam-ldap.
Thanks for the tips.
Regards
On Wed, Dec 1, 2010 at 11:48 PM, Buchan Milne bgmilne@staff.telkomsa.net wrote:
On Wednesday, 1 December 2010 22:37:56 Anton Chu wrote:
I've set up an Ubuntu 10.10 LDAP client to authenticate off my LDAP server.
I've installed the following:
sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds
Here's my /etc/nsswitch.conf:
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
I can nss_updatedb ldap successfully:
# nss_updatedb ldap
passwd... done.
group... done.
I can getent passwd, getent passwd shadow, getent group just fine and they all show all my ldap users.
Please compare these two:
$ getent passwd |grep tony
$ getent passwd tony
If the first succeeds (returns a line looking like /etc/passwd), and the second fails (returns nothing), then you probably have a negative cache from nscd. Stop nscd, and test again.
However, I cannot do an id ldapuser
ex:
$ id tony
id: tony: No such user
[...]
ID works just fine with my local users on my local machine so somehow it's not able to read the ldap users.
Any insights appreciated.
In some environments, I do use nss_ldap+nss_db/nss_updatedb+nscd, but one of the newer options (e.g. sssd) may be a better option.
Regards, Buchan