Ok here's what you suggested: r...@webtest111:/etc/pam.d# id tony > id: tony: No such user
r...@webtest111:/etc/pam.d# getent passwd tony > r...@webtest111:/etc/pam.d# getent passwd | grep tony > tony:x:1005:10000:Tony Montana:/home/tony:/bin/bash > r...@webtest111:/etc/pam.d# /etc/init.d/nscd stop > * Stopping Name Service Cache Daemon nscd [ > OK ] > r...@webtest111:/etc/pam.d# getent passwd | grep tony > tony:x:1005:10000:Tony Montana:/home/tony:/bin/bash > r...@webtest111:/etc/pam.d# getent passwd tony > r...@webtest111:/etc/pam.d# > I'll start a reinstall of the other packages instead of libnss-ldap and libpam-ldap. Thanks for the tips. Regards On Wed, Dec 1, 2010 at 11:48 PM, Buchan Milne <[email protected]>wrote: > On Wednesday, 1 December 2010 22:37:56 Anton Chu wrote: > > I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP > server. > > I've install the following: > > > > sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db > > nscd ldap-utils pam_ccreds > > > > Here's my /etc/nsswitch.conf: > > > > passwd: files ldap [NOTFOUND=return] db > > > > > group: files ldap [NOTFOUND=return] db > > > > > > shadow: files ldap > > > > > > hosts: files dns > > > networks: files > > > > > > protocols: db files > > > services: db files > > > ethers: db files > > > rpc: db files > > > > I can nss_updatedb ldap succssfully: > > # nss_updatedb ldap > > passwd... done. > > group... done. > > > > I can getent passwd, getent passwd shadow, getent group just fine and > > they all show all my ldap users. > > Please compare these two: > > $ getent passwd |grep tony > $ getent passwd tony > > If the first succeeds (returns a line looking like /etc/passwd), and the > second fails (returns nothing), then you probably have a negative cache > from > nscd. Stop nscd, and test again. > > > However, I cannot do an id ldapuser > > > > ex: > > $ id tony > > id: tony: No such user > > [...] > > > ID works just fine with my local users on my local machine so somehow > > it's not able to read the ldap users. > > > > Any insights appreciated. > > In some environments, I do use nss_ldap+nss_db/nss_updatedb+nscd, but one > of > the newer options (e.g. sssd) may be a better option. > > Regards, > Buchan >
