FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-11-2010, 11:38 AM
Osamu Aoki
 
Default nsswitch.conf/LDAP

Hi,

(I never configured NSS/LDAP myself)

On Mon, Jan 11, 2010 at 01:22:26PM +0100, Michael Mühlbauer wrote:
> I have a problem with my NSS/LDAP setup. When I set
>
> passwd: * *files [SUCCESS=return] ldap
> group: * * * files [SUCCESS=return] ldap
> shadow: * *files
>
> in /etc/nsswitch.conf and then enter 'id root' in the shell the NSS
> tries to contact the LDAP server *although* root is contained in
> /etc/passwd, /etc/group (and /etc/shadow) and can thus be
> authenticated without inquiring the LDAP server.
>
> So what I want is, to have users be authenticated via LDAP only when
> they are *not* in the passwd/group files. How do I archieve this?

In most installations, /etc/shadow contain local password setting.

Why not
> shadow: * *files [SUCCESS=return] ldap

(passwd only contain account public info.)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-12-2010, 02:40 AM
Tom H
 
Default nsswitch.conf/LDAP

> I have a problem with my NSS/LDAP setup. When I set

> passwd: * *files [SUCCESS=return] ldap
> group: * * * files [SUCCESS=return] ldap
> shadow: * *files

> in /etc/nsswitch.conf and then enter 'id root' in the shell the NSS
> tries to contact the LDAP server *although* root is contained in
> /etc/passwd, /etc/group (and /etc/shadow) and can thus be
> authenticated without inquiring the LDAP server.

> So what I want is, to have users be authenticated via LDAP only when
> they are *not* in the passwd/group files. How do I *archieve this?

How about
getent passwd root
and
getent group root

(by the way, "return" is the default for "success")


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-12-2010, 03:35 AM
Alex Samad
 
Default nsswitch.conf/LDAP

On Tue, Jan 12, 2010 at 04:40:23AM +0100, Tom H wrote:
> > I have a problem with my NSS/LDAP setup. When I set
>
> > passwd: * *files [SUCCESS=return] ldap
> > group: * * * files [SUCCESS=return] ldap
> > shadow: * *files

my 2c, mine is setup the same way and seems to work

>

[snip]

>

--
"It's my honor to speak to you as the leader of your country. And the great thing about America is you don't have to listen unless you want to."

- George W. Bush
07/10/2001
New York, NY
speaking to recently sworn in immigrants on Ellis Island
 

Thread Tools




All times are GMT. The time now is 01:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org