I have a user that I have set locally on a Red Hat machine. I store that user in LDAP with the same Posix attributes, but their password differs. When I log in from the Red Hat machine, it uses the local cached credentials of that user (LDAP password and credentials never seem to matter). How can I synchronize the local and LDAP version of the user so that I don't have to create it locally AND on LDAP on every single remote machine?
Thanks,
R
Assuming you use SSSD, if you change /etc/nsswitch.conf to be 'sss files' rather than 'files sss' for passwd / shadow / group, it will use SSSD first before local. You could also simply remove them from the /etc/[passwd/shadow/group] files too and use only LDAP via SSSD...
On Thu, Mar 6, 2014 at 12:57 PM, Chaudhari, Rohit K. <Rohit.Chaudhari@jhuapl.edu> wrote:
I have a user that I have set locally on a Red Hat machine. I store that user in LDAP with the same Posix attributes, but their password differs. When I log in from the Red Hat machine, it uses the local cached credentials of that user (LDAP password and credentials never seem to matter). How can I synchronize the local and ldap version of the user so that I don't have to create it locally AND on LDAP on every single remote machine?
Thanks,
R
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
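To see which accounts the nsswitch.conf change suggested above would affect, the following added example (not code from the thread's participants) reports whether `files` or `sss` is consulted first for a database and lists the login names defined both locally and in the directory. The function names, the sample users and the one-name-per-line export of directory uids are assumptions.

```shell
#!/bin/sh
# Added example: audit NSS source order and local/directory account overlap.
# File paths are parameters so the functions can be run on copies.

# Print the sources configured for database $2 in nsswitch file $1,
# one per line, with comments and [STATUS=action] items stripped.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) print $i }'
}

# Print "files-first", "sss-first" or "no-sss" for database $2.
nss_precedence() {
    nss_sources "$1" "$2" | awk '
        $1 == "files" && !seen { seen = "files-first" }
        $1 == "sss"   && !seen { seen = "sss-first" }
        $1 == "sss"            { has_sss = 1 }
        END { print (has_sss ? seen : "no-sss") }'
}

# Print login names present both in passwd-format file $1 and in the
# directory name list $2 (one uid per line). For these accounts the
# source order decides which entry is returned.
overlapping_accounts() {
    awk -F: 'NR == FNR { dir[$1] = 1; next } ($1 in dir) { print $1 }' "$2" "$1"
}

# Constructed sample input (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files sss\nshadow: files sss\ngroup: sss files\n' > "$d/nsswitch.conf"
    printf 'root:x:0:0::/root:/bin/bash\nalice:x:1001:1001::/home/alice:/bin/bash\n' > "$d/passwd"
    printf 'alice\nbob\n' > "$d/ldap_uids"
    for db in passwd shadow group; do
        echo "$db: $(nss_precedence "$d/nsswitch.conf" "$db")"
    done
    echo "defined locally and in the directory:"
    overlapping_accounts "$d/passwd" "$d/ldap_uids"
    rm -rf "$d"
}
demo
```

On a live host, pass `/etc/nsswitch.conf` and `/etc/passwd` as the first arguments and supply the directory name list from your own LDAP export.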
Ok, I will give that a try.
Thanks
From: Jonathan Vaughn <jonathan@creatuity.com>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: Thursday, March 6, 2014 2:21 PM
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] Local accounts vs 389 DS users