I've set up an Ubuntu 10.10 LDAP client to authenticate off my LDAP server. I've installed the following:

```
sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds
```

Here's my /etc/nsswitch.conf:

```
passwd:    files ldap [NOTFOUND=return] db
group:     files ldap [NOTFOUND=return] db
shadow:    files ldap

hosts:     files dns
networks:  files

protocols: db files
services:  db files
ethers:    db files
rpc:       db files
```

I can `nss_updatedb ldap` successfully:

```
# nss_updatedb ldap
passwd... done.
group... done.
```

I can `getent passwd`, `getent passwd shadow`, `getent group` just fine and they all show all my LDAP users. However, I cannot do an `id ldapuser`, ex:

```
$ id tony
id: tony: No such user
```

Here's my auth.log:

```
Dec 1 21:08:17 webdev120 sshd[14765]: pam_unix(sshd:auth): check pass; user unknown
```

Here's my syslog:

```
sshd[14648]: Libgcrypt warning: missing initialization - please fix the application
```

Here's my /etc/pam.d/common-auth:

```
auth [success=4 default=ignore] pam_unix.so nullok_secure
auth [success=3 default=ignore] pam_ldap.so use_first_pass
auth [success=2 default=ignore] pam_ccreds.so minimum_uid=1000 action=validate use_first_pass
auth [default=ignore] pam_ccreds.so minimum_uid=1000 action=update
# here's the fallback if no module succeeds
#auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
#auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_ccreds.so minimum_uid=1000 action=store
# end of pam-auth-update config
```

Here's my /etc/pam.d/common-account:

```
# here are the per-package modules (the "Primary" block)
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
```

`id` works just fine with my local users on my local machine, so somehow it's not able to read the LDAP users. Any insights appreciated.

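The `[NOTFOUND=return]` action in the nsswitch.conf above decides which NSS sources glibc actually consults for a single-user lookup such as `id tony`, and that order is easy to misread. The following Python script is an added example, not part of the question above: it parses a nsswitch.conf fragment (the poster's `passwd`, `group`, and `shadow` lines, embedded as a constructed sample) with glibc's status/action syntax and then simulates a lookup under three outcomes for the `ldap` source. It is a simplification of glibc's real behaviour: the `merge` action is treated like `continue`, and `[!status=action]` negation is supported but nothing else (such as `initgroups` or `netgroup` special cases) is modelled.

```python
"""Simulate glibc nsswitch.conf source ordering and [status=action] flow.

Added example for the NSS/LDAP question above; not code from that post.
Simplification: the 'merge' action is treated like 'continue'.
"""
import re
from typing import Dict, List, Tuple

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults: a hit stops the walk, anything else falls through to the next source
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

Entry = Tuple[str, Dict[str, str]]  # (source name, {status: action})

# Constructed sample: the poster's passwd/group/shadow lines, plus a comment.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (sample reproduced from the question)
passwd: files ldap [NOTFOUND=return] db
group:  files ldap [NOTFOUND=return] db
shadow: files ldap
"""


def parse_nsswitch(text: str) -> Dict[str, List[Entry]]:
    """Return {database: [(source, actions), ...]} with defaults filled in."""
    dbs: Dict[str, List[Entry]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        name, _, rest = line.partition(":")
        entries: List[Entry] = []
        # Tokens are either a bracketed action group or a bare source name.
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if not entries:
                    raise ValueError(f"action group without a preceding source: {tok}")
                actions = entries[-1][1]              # applies to the source just before it
                for spec in tok[1:-1].split():
                    status, _, action = spec.lower().partition("=")
                    negate = status.startswith("!")
                    status = status.lstrip("!")
                    if status not in STATUSES or action not in ("return", "continue", "merge"):
                        raise ValueError(f"unrecognised action spec: {spec}")
                    targets = [s for s in STATUSES if s != status] if negate else [status]
                    for s in targets:
                        actions[s] = action
            else:
                entries.append((tok.lower(), dict(DEFAULT_ACTIONS)))
        dbs[name.strip().lower()] = entries
    return dbs


def simulate_lookup(entries: List[Entry], outcomes: Dict[str, str]) -> Tuple[str, List[str]]:
    """Walk the sources in order; `outcomes` says what each source would answer.

    A source missing from `outcomes` is treated as 'unavail' (e.g. daemon down).
    Returns (final status, list of sources actually consulted).
    """
    consulted: List[str] = []
    final = "notfound"
    for source, actions in entries:
        status = outcomes.get(source, "unavail")
        consulted.append(source)
        final = status
        if actions[status] == "return":
            break                                      # 'continue'/'merge' fall through
    return final, consulted


if __name__ == "__main__":
    cfg = parse_nsswitch(SAMPLE_NSSWITCH)
    scenarios = {
        "LDAP reachable, user present":  {"files": "notfound", "ldap": "success", "db": "success"},
        "LDAP reachable, user absent":   {"files": "notfound", "ldap": "notfound", "db": "success"},
        "LDAP unreachable, db cached":   {"files": "notfound", "ldap": "unavail", "db": "success"},
    }
    for label, outcome in scenarios.items():
        status, path = simulate_lookup(cfg["passwd"], outcome)
        print(f"{label:32s} -> {status:8s} via {' -> '.join(path)}")
```

The third scenario is the one `nss_updatedb` and `libnss-db` are installed for: the local `db` cache is only reached when `ldap` reports *unavailable*. When the LDAP server is up but answers *not found* for a name, `[NOTFOUND=return]` stops the walk before `db`, so a cached copy of that user is never consulted; comparing `getent passwd` (enumeration) with `getent passwd <name>` (a single lookup) while watching `nscd` and `nss_ldap` debug output is the usual way to tell those two cases apart.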