Re: RV: Unix id command and Openldap

by whistl

Oh, and the last line of /etc/passwd is:

+::::::

and the last line of /etc/group is:

+:::


--

Patrick Wolfe
ADP Employease
770-325-7724



On Dec 22, 2008, at 3:57 PM, Patrick Wolfe wrote:

> I have one SLES 10 SP2 VM configured with ldap authentication, and  
> the "id" command works just fine.  My /etc/nsswitch.conf "passwd"  
> and "group" lines are set to "compat", not "files ldap".
>
>
> --
>
> Patrick Wolfe
> ADP Employease
> 770-325-7724
>
>
>
> On Dec 22, 2008, at 3:47 PM, <okossuth@...> wrote:
>
>> I'm using suse linux enterprise server 10 SP1
>>
>>
>> Regards,
>>
>> Oskar Kossuth
>> UNIX Administrator
>> ANTEL Telecomunicaciones
>>
>>
>> -----Original Message-----
>> From: Patrick Wolfe [mailto:pwolfe@...]
>> Sent: Monday, December 22, 2008 5:23 PM
>> To: Kossuth Espinosa, Oskar
>> CC: pwolfe@...; nssldap@...
>> Subject: Re: [nssldap] RV: Unix id command and Openldap
>>
>> perhaps your installed "id" command doesn't support the nsswitch.conf
>> file and its associated library.  You might need to recompile it.
>> What distro and version of UNIX are you using?
>>
>>
>> --
>>
>> Patrick Wolfe
>> ADP Employease
>> 770-325-7724
>>
>>
>>
>> On Dec 22, 2008, at 3:14 PM, <okossuth@...> wrote:
>>
>>> of course I have done that..
>>> any other ideas?
>>>
>>> Regards,
>>>
>>> Oskar Kossuth
>>> UNIX Administrator
>>> ANTEL Telecomunicaciones
>>>
>>>
>>> -----Original Message-----
>>> From: owner-nssldap@... [mailto:owner-nssldap@...] On behalf of Patrick Wolfe
>>> Sent: Monday, December 22, 2008 5:04 PM
>>> To: Kossuth Espinosa, Oskar
>>> CC: nssldap@...
>>> Subject: Re: [nssldap] RV: Unix id command and Openldap
>>>
>>> the "id" command works fine on our FreeBSD 6 and CentOS 4.x/5.x
>>> servers.  Make sure your /etc/nsswitch.conf says "passwd: files ldap"
>>> and "group: files ldap", or else id won't be searching ldap for ids
>>> and groups.
>>>
>>> --
>>>
>>> Patrick Wolfe
>>> ADP Employease
>>> 770-325-7724
>>>
>>>
>>>
>>> On Dec 22, 2008, at 2:15 PM, <okossuth@...> wrote:
>>>
>>>> Hi
>>>>
>>>>
>>>>
>>>> Does the id command work with a system using OPENLDAP
>>>> authentication ?
>>>>
>>>> I have implemented a server with openldap 2.3 and several clients
>>>> use this system to authenticate users, and works fine except that
>>>> when I do a "id user" on a client it only gives me the information
>>>> of the primary group which the user belongs to and not of the
>>>> supplementary groups that he is also a member of in the LDAP server...
>>>>
>>>> any ideas??
>>>>
>>>> I'm sending you the /etc/ldap.conf and /etc/nsswitch.conf of the
>>>> client.
>>>>
>>>> thanks for your help
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Oskar Kossuth
>>>> UNIX Administrator
>>>> ANTEL Telecomunicaciones
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: openldap-technical-bounces+okossuth=antel.com.uy@... [mailto:openldap-technical-bounces+okossuth=antel.com.uy@...] On behalf of Andrew Findlay
>>>> Sent: Wednesday, December 17, 2008 2:00 PM
>>>> To: Kossuth Espinosa, Oskar
>>>> CC: openldap-technical@...; claus.kick@...
>>>> Subject: Re: Unix id command and Openldap
>>>>
>>>> On Wed, Dec 17, 2008 at 02:20:40PM -0200, okossuth@... wrote:
>>>>
>>>>> My problem is that I only see the primary group without the
>>>>> supplementary ones, whenever the groups are stored in the LDAP if
>>>>> the user is in the ldap server.
>>>>
>>>> This sounds more like an NSS problem than a purely OpenLDAP one,
>>>> so you may get more help by posting to nssldap@....
>>>>
>>>> Please post the 'passwd' and 'group' lines from /etc/nsswitch.conf
>>>> and also the /etc/ldap.conf file (with passwords obscured).
>>>>
>>>> It would also be worth running slapd at debug level 768 and posting
>>>> what gets logged when you run the 'id' command.
>>>>
>>>> Andrew
>>>> --
>>>> -----------------------------------------------------------------------
>>>> |                 From Andrew Findlay, Skills 1st Ltd                 |
>>>> | Consultant in large-scale systems, networks, and directory services |
>>>> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
>>>> -----------------------------------------------------------------------
>>>>
>>>> This e-mail and any attachment is confidential and is intended solely
>>>> for the addressee(s). If you are not intended recipient please inform
>>>> the sender immediately, answering this e-mail and delete it as well as
>>>> the attached files. Any use, circulation or copy of this e-mail by any
>>>> person or entity that is not the specific addressee(s) is prohibited.
>>>> ANTEL is not responsible for any communication emitted without
>>>> respecting our Information Security Policy.
>>>> <ldap.conf><nsswitch.conf>
>>>
>>>
>>>
>>
>>
>
>
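
The two client setups compared in this thread ("files ldap" versus "compat" with "+" entries in /etc/passwd and /etc/group) can be checked mechanically; the script below is an added example, not code from any poster, and its function names are hypothetical. It also checks the `passwd_compat`/`group_compat` lines, which the thread does not mention: glibc's compat module uses them to decide which service backs the "+" entries and falls back to NIS when they are absent.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the
# check can be run against copies of the client's configuration.

# Print the sources listed for database $2 in nsswitch file $1,
# with comments and [STATUS=action] items stripped.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; print; exit }'
}

# Succeed if word $1 is among the remaining arguments.
has_word() {
    w=$1; shift
    for s in "$@"; do [ "$s" = "$w" ] && return 0; done
    return 1
}

# classify NSSWITCH DB FLATFILE prints one of:
#   ldap-direct     "ldap" is on the DB line itself ("files ldap")
#   compat-ok       compat, "+" entry present, DB_compat lists ldap
#   compat-no-plus  compat, but FLATFILE has no "+" entry
#   compat-no-ldap  compat with "+", but DB_compat does not list ldap
#   no-ldap         LDAP is never consulted for this database
classify() {
    src=$(nss_sources "$1" "$2")
    if has_word ldap $src; then echo ldap-direct; return; fi
    if ! has_word compat $src; then echo no-ldap; return; fi
    if ! grep -q '^+' "$3"; then echo compat-no-plus; return; fi
    if has_word ldap $(nss_sources "$1" "${2}_compat"); then
        echo compat-ok
    else
        echo compat-no-ldap
    fi
}

# Constructed sample mirroring the compat setup described in the thread.
demo() {
    d=$(mktemp -d)
    printf 'passwd: compat\ngroup: compat\npasswd_compat: ldap\ngroup_compat: ldap\n' > "$d/nsswitch.conf"
    printf 'root:x:0:0:root:/root:/bin/sh\n+::::::\n' > "$d/passwd"
    printf 'root:x:0:\n' > "$d/group"   # "+:::" deliberately missing
    echo "passwd: $(classify "$d/nsswitch.conf" passwd "$d/passwd")"
    echo "group:  $(classify "$d/nsswitch.conf" group "$d/group")"
    rm -rf "$d"
}
demo
```

On a real client, call `classify /etc/nsswitch.conf group /etc/group`; any result other than `ldap-direct` or `compat-ok` means group lookups never reach LDAP, so supplementary groups stored there cannot appear in `id` output.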

