[Fedora-directory-users] Trouble with NSS and Fedora-ds
Agnaldo Freitas
afreitas at sei.ba.gov.br
Tue Jan 9 19:45:34 UTC 2007
Hi List!
Ldapsearch returns data from "Fedora-DS" but "getent group/passwd" and "id user" commands can not get them. They just can get data from "/etc/passwd" and "/etc/group".
What is wrong?
Please, can someone help me?
Agnaldo
P.S.: Some configuration files
# /etc/pam.d/system-auth
####################
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
# /etc/nsswitch.conf
#################
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
# ldap.conf
#########
host 192.168.2.3
base dc=sei,dc=intranet
bindpw passwd
rootbinddn cn=Directory Manager,dc=sei,dc=intranet
timelimit 50
pam_lookup_policy yes
nss_base_passwd ou=People,dc=sei,dc=intranet?one
nss_base_shadow ou=People,dc=sei,dc=intranet?one
nss_base_group ou=Groups,dc=sei,dc=intranet?one
pam_password exop
ssl off
# /etc/pam.d/login
################
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
#auth sufficient /lib/security/pam_ldap.so use_first_pass
#account sufficient /lib/security/pam_ldap.so
account sufficient pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
# session required pam_selinux.so close
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
# session required pam_selinux.so open
[root at netuno1 ~]# strings /lib/libnss_ldap.so.2 | grep conf
_nss_ldap_readconfig
_nss_ldap_readconfigfromdns
_nss_ldap_init_config
sysconf
-conf
/etc/ldap.conf
/etc/openldap/ldap.conf
version conflict in sasl_client_add_plugin for %s
%.*s%c%s.conf
auth-conf
DB environment not configured for transactions
Database environment not configured for encryption
%s interface requires an environment configured for the %s subsystem
DB_ENV->set_lk_conflicts
Environment not configured as replication master or client
an index not configured to support duplicates
Primary databases may not be configured with duplicates
ssl session id conflict
confounded by authenticator.
configuration file routines
id-it-confirmWaitTime
id-cmc-confirmCertAcceptance
no sign function configured
no verify function configured
no config database
X509V3_EXT_conf
no conf
no conf or environment variable
conflicting engine id
v3_conf.c
conf_lib.c
conf_api.c
conf_def.c
/etc/krb5.conf:/etc/krb5.conf
Can't open/find Kerberos configuration file
Improper format of Kerberos configuration file
No supported encryption types (config file error?)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20070109/2a1643dd/attachment.html>
More information about the 389-users
mailing list