Hi Pat,
On 29 Feb 2008, at 18:04, Pat Riehecky wrote:
In your /etc/libnss-ldap.conf do you have
pam_groupdn ou=Groups,dc=example,dc=com pam_member_attribute uniquemember nss_base_group ou=Group,dc=example,dc=com?one
I don't have any pam_* settings enabled. I have tried with and without nss_base_group with no luck.
set? Those have bitten me in the past. You should also check /etc/pam_ldap.conf
Here I didn't try the pam_groupdn because I didn't wan to enforce a group membership.
Thanks!
Chris
Pat
On Fri, 2008-02-29 at 17:43 +0000, Christian Weihrauch wrote:
Hi,
I have problems with debian etch Linux clients resolving group names served by our LDAP server. user and passwd work because I can login properly. "getent group" properly shows the group served by the LDAP server. eg: #getent group mygroup:x:1000:chris
However "id username" only shows LDAP served groupIDs but not their names. eg: #id chris uid=1002(chris) gid=1000 groups=1000,20(dialout)
This means that I can't do things like chgrp eg: "chgroup mygroup directoryname" gives: "chgrp: invalid group `mygroup'"
I am using nscd and nsswitch.conf says: passwd: files ldap group: files ldap shadow: files ldap
Any ideas?
Thanks!