Jamie Thompson wrote:
> Have you tested that the authentication for PAM is working correctly?
> Try logging in using whatever auth you are using for it and check it can
> read the entries it needs. libnss-ldap and pam_ldap have different

Did this. ldapsearch with a bind of uid=chris,ou=people,dc=longship,dc=org searching ou=people for uid=chris shows me (including userPassword - which is configured in slapd only viewable for owner and admin).

> My files are:
>
> common-password:
> password sufficient pam_ldap.so ignore_unknown_user
> password required pam_unix.so try_first_pass nullok obscure
> min=4 max=8 md5
>
> common-auth:
> auth sufficient pam_ldap.so
> auth required pam_unix.so use_first_pass nullok_secure
>
> common-account:
> account sufficient pam_ldap.so
> account required pam_unix.so use_first_pass
>
> common-session:
> session required pam_unix.so

Copied this lot. Did a dpkg-reconfigure of libpam-ldap (keeping any config - no changes) and now login works :) Getting closer :)

Seems to have solved the requirement on double password prompts too - that use_first_pass is a useful one.

But - sudo complains

sudo: uid 1000 does not exist in the passwd file!

/etc/pam.d/sudo shows

@include common-auth
@include common-account

so that should be able to go via ldap - since it goes via the common files? user chris is in the sudoers file with NOPASSWD access for shutdown and reboot commands.

So - how to get sudo to play fair?

Am still trying to decide what should go in ldap (in terms of system users and any groups) - but at least login is working :)

Until I've got login etc working just fine I'm going to wait with samba config - one issue at a time methinks :)

--
Chris
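
Added example, not part of the original message: sudo's "uid 1000 does not exist in the passwd file" comes from an account lookup, which is answered through NSS (/etc/nsswitch.conf, where libnss-ldap provides the "ldap" source) and not through the PAM common-* files. The sketch below lists which account databases have no "ldap" source and checks whether a uid resolves; the sample file contents and the function names are constructed for illustration.

```python
import pwd

# Constructed sample: an nsswitch.conf that resolves accounts from local files only.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:         compat
group:          compat
shadow:         compat
hosts:          files dns
"""

def nss_sources(conf_text, database):
    """Return the ordered lookup sources for one database, e.g. ['files', 'ldap']."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if name.strip() != database:
            continue
        sources, in_action = [], False
        for tok in rest.split():
            # Action items such as [NOTFOUND=return] are not sources; they may
            # span several whitespace-separated tokens.
            if tok.startswith("["):
                in_action = True
            if not in_action:
                sources.append(tok)
            if tok.endswith("]"):
                in_action = False
        return sources
    return []

def databases_missing(conf_text, source="ldap", databases=("passwd", "group")):
    """List the account databases that never consult the given source."""
    return [db for db in databases if source not in nss_sources(conf_text, db)]

def uid_resolves(uid):
    """True if the running system's NSS can map this uid to an account."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        print("databases without ldap:", databases_missing(fh.read()))
    print("uid 1000 resolves via NSS:", uid_resolves(1000))
```

If the uid does not resolve while the PAM login succeeds, the PAM side is working and the gap is in the passwd lookup path.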