On Wed, 2009-12-16 at 12:39 -0800, Peter Serwe wrote:
I think not as well. The tactest user has been blown back out. I can re-add it from ldif again.
[root@ldap home]# getent passwd | grep example
[root@ldap home]#
[root@ldap home]# cat /etc/nsswitch.conf | grep -v #
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@ldap home]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
[root@ldap home]# cat /etc/ldap.conf | grep -v #
BASE dc=tncionline, dc=net
URI ldap://127.0.0.1
port 389
SIZELIMIT 12
TIMELIMIT 15
DEREF never
timelimit 600
bind_timelimit 600
bind_policy soft
idle_timelimit 3600
nss_initgroups_ignoreusers pserwe,dgates,root,ldap,named,avahi,haldaemon,dbus
base dc=tncionline, dc=net
pam_password md5
---- here's a big problem... /etc/ldap.conf
you need to add...(assuming this is where you have People/Groups)
nss_base_passwd ou=People,dc=tncionline,dc=net?one
nss_base_shadow ou=People,dc=tncionline,dc=net?one
nss_base_group ou=Groups,dc=tncionline,dc=net?one
take the space out of base...
base dc=tncionline,dc=net
I'd also add (until you can deal)...
ssl no
Craig
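
The checks named in the reply above, as an added example (not part of the original thread, and not nss_ldap's own parser): a small linter that flags whitespace next to a comma in the base DN, DN components that are not attr=value, and missing nss_base_passwd/shadow/group lines. The sample configs are constructed from the values quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed samples using the values quoted in the thread.
BEFORE = """\
base dc=tncionline, dc=net
uri ldap://127.0.0.1
pam_password md5
"""
AFTER = """\
base dc=tncionline,dc=net
nss_base_passwd ou=People,dc=tncionline,dc=net?one
nss_base_shadow ou=People,dc=tncionline,dc=net?one
nss_base_group ou=Groups,dc=tncionline,dc=net?one
ssl no
"""
NSS_MAPS = ("nss_base_passwd", "nss_base_shadow", "nss_base_group")
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")

def parse(text):
    """Return (keyword, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            pairs.append((fields[0].lower(), fields[1] if len(fields) > 1 else ""))
    return pairs

def check_dn(dn):
    """List problems in a DN: whitespace next to a comma, or a part that is not attr=value."""
    problems = []
    if re.search(r",\s|\s,", dn):
        problems.append("whitespace next to a comma")
    for part in dn.split(","):
        if not RDN.match(part.strip()):
            problems.append("component %r is not attr=value" % part.strip())
    return problems

def lint(text):
    """Hypothetical linter: check base and nss_base_* DNs, then report missing maps."""
    pairs = parse(text)
    findings = []
    for key, value in pairs:
        if key == "base" or key in NSS_MAPS:
            dn = value.split("?", 1)[0]  # nss_base_* values are DN?scope
            findings += ["%s: %s" % (key, p) for p in check_dn(dn)]
    seen = {key for key, _ in pairs}
    return findings + ["%s: not set" % m for m in NSS_MAPS if m not in seen]

if __name__ == "__main__":
    print(lint(BEFORE))
    print(lint(AFTER))
```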