nsswitch.conf issues with LDAP Auth?

by Daniel Cross-2

Hello all,

I seem to be having some issues with getting auth requests to not look up
the LDAP server if the account is local, and have tried everything and am
stumped. Here's a rundown...

What I'm doing:
I have a pair of LDAP boxes, which ~thirty systems are looking up for
authentication via LDAP. Auth all works well. No issues there.

The issue, however, is that...
Even with local system accounts (root, www-data, postfix, etc), the
systems are still contacting the LDAP servers, and I just don't see why
(considering I have Files specified first in nsswitch.conf and
pam_unix.so first in all the pam confs).
Ideally, if the accounts are local, I'd like the systems to say 'ok, we
have our account, now let's not query the LDAP server'

Anyhow, here's my confs:
nsswitch.conf-
passwd:         files ldap
group:          files ldap
shadow:         files ldap
sudoers:        files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

common-auth:
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_ldap.so use_first_pass
auth    required        pam_permit.so

common-account:
account    sufficient   pam_unix.so
account    sufficient   pam_ldap.so
account    required     pam_permit.so

common-password:
password   sufficient   pam_unix.so nullok md5 shadow obscure min=4 max=8
password   sufficient   pam_ldap.so use_first_pass
password   required     pam_permit.so

common-session:
session    optional     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session    sufficient   pam_unix.so
session    sufficient   pam_ldap.so

Oh, and software versions:
libldap2       2.1.30-3
libnss-ldap    238-1
libpam-ldap    180-1

Soooo, anyone seen the same symptoms?
Any ideas or suggestions would be very helpful.

Regards,

--
Daniel Cross                                    
Systems Administrator                           Cell +64 21535975
WorldxChange                                    DDI  +64 9 9501354
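Added example, not part of the post above and not glibc's or nss_ldap's own code: a small Python model of how glibc walks the service list in nsswitch.conf for the three kinds of lookup a login actually triggers. It assumes the glibc behaviour stated in its comments: a by-name lookup (getpwnam/getgrnam/getspnam) honours the per-status action table, whose default is SUCCESS=return and continue for every other status; initgroups() (called by login, su, sshd, id) keeps going after a SUCCESS so that supplementary groups from every source are merged; and enumeration (getpwent, i.e. `getent passwd`) runs each service to its end, so the action consulted between services is the one for NOTFOUND. The function names parse_nsswitch, sources_consulted and demo are this example's own, and the nsswitch lines it feeds itself are constructed from the poster's passwd/group/shadow entries.

```python
"""Model of glibc's nsswitch.conf lookup semantics (added example, not from the thread).

Assumptions, not taken from the post: by-name lookups follow the action table
(default SUCCESS=return, everything else continue); glibc's initgroups()
continues past a SUCCESS and merges groups from every service; enumeration
walks each service to its end, so the inter-service action is the NOTFOUND one.
"""
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}
ACTIONS = ("return", "continue", "merge")   # 'merge' is treated like 'continue'


def parse_nsswitch(text):
    """Parse nsswitch.conf text into {database: [(service, {status: action}), ...]}."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        db, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("malformed line: %r" % raw)
        entries = []
        # Tokens are either a service name or a bracketed [STATUS=action ...] group.
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not tok.startswith("["):
                entries.append((tok.lower(), dict(DEFAULT_ACTIONS)))
                continue
            if not entries:
                raise ValueError("action with no preceding service: %r" % raw)
            actions = entries[-1][1]
            for spec in tok[1:-1].split():
                negate = spec.startswith("!")          # [!UNAVAIL=return] form
                status, _, action = spec.lstrip("!").lower().partition("=")
                if status not in STATUSES or action not in ACTIONS:
                    raise ValueError("bad action %r in %r" % (spec, raw))
                for s in STATUSES:
                    if (s == status) != negate:
                        actions[s] = action
        dbs[db.strip().lower()] = entries
    return dbs


def sources_consulted(nsswitch, database, call, outcome):
    """Return the services glibc would call, in order, for one lookup.

    call:    'byname' (getpwnam/getgrnam/getspnam), 'initgroups' (id, login,
             su, sshd) or 'enumerate' (getpwent/getgrent, `getent passwd`).
    outcome: {service: status} that service would return for this name;
             services absent from it are taken to answer 'notfound'.
    """
    consulted = []
    for service, actions in nsswitch[database]:
        consulted.append(service)
        if call == "enumerate":
            # Every service is read to its end; only an outage changes the status.
            status = "unavail" if outcome.get(service) == "unavail" else "notfound"
        else:
            status = outcome.get(service, "notfound")
        if call == "initgroups" and status == "success":
            continue   # glibc's initgroups ignores SUCCESS=return and keeps merging
        if actions[status] == "return":
            break
    return consulted


# Constructed sample input mirroring the poster's nsswitch.conf lines.
POSTED = "passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n"
# Constructed variant to test whether explicit actions change anything.
STRICT = "passwd: files [NOTFOUND=return] ldap\ngroup: files [SUCCESS=return] ldap\n"


def demo():
    ns, strict = parse_nsswitch(POSTED), parse_nsswitch(STRICT)
    local = {"files": "success"}    # e.g. root or www-data, present in /etc/passwd
    unknown = {}                    # a name that exists in neither source
    return {
        "getpwnam local": sources_consulted(ns, "passwd", "byname", local),
        "getpwnam unknown": sources_consulted(ns, "passwd", "byname", unknown),
        "initgroups local": sources_consulted(ns, "group", "initgroups", local),
        "getent passwd": sources_consulted(ns, "passwd", "enumerate", local),
        "initgroups local SUCCESS=return": sources_consulted(strict, "group", "initgroups", local),
        "getpwnam unknown NOTFOUND=return": sources_consulted(strict, "passwd", "byname", unknown),
    }


if __name__ == "__main__":
    for name, srcs in demo().items():
        print("%-33s -> %s" % (name, " ".join(srcs)))
```

Run stand-alone it shows the point the post is circling: with `files ldap`, a plain getpwnam for root or www-data never leaves the box, but the initgroups call that every login, su and sshd session makes (and that `id` makes) reaches LDAP even for local accounts, as does any lookup of a name that exists in neither source and any enumeration. Adding [SUCCESS=return] after files does not change initgroups, and [NOTFOUND=return] would stop unknown-name lookups only at the price of hiding every LDAP user, so neither is the fix. On a real host the same distinction can be confirmed with strace, e.g. `strace -f -e trace=connect getent passwd www-data` versus `strace -f -e trace=connect id www-data`, watching for connect() calls to the LDAP server. The usual remedy is nss_ldap's nss_initgroups_ignoreusers option in ldap.conf, which makes its initgroups answer NOTFOUND for the listed local accounts; whether the libnss-ldap 238 build in the post already supports it is something to check in that version's documentation.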