I want authentication against a local openldap server. After several
unsuccessful attempts to configure sssd I uninstalled the sssd-* stuff
and configured things with pam_ldap/nss_ldap (fortunately, when sssd is
not installed, system-config-authentication seems to configure the
/etc/pam.d/* files correctly).
But my system behaves weirdly: when I have only the "files" service
lookup in /etc/nsswitch.conf, all is OK. But when I specify the passwd,
shadow and group databases as below:
#--- my "/etc/nsswitch.conf":
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files
then the NSS (or PAM?) LDAP modules are accessed, and it appears as if
local accounts are ignored. Because of that behavior, services which run
as non-root users will not start either (named, httpd, ... and unluckily
the openldap server too :( ) - they stop at the "runuser ..." commands in
their start scripts.
Can someone help with this? What could cause the system to behave in
this manner?
When I slightly modify nsswitch.conf to:
passwd: files [SUCCESS=return] ldap
shadow: files [SUCCESS=return] ldap
group: files [SUCCESS=return] ldap
then nothing changes. Grrr...
Thanks, Franta Hanzlik