Re: Really strange LDAP and ADS problem: msg#00015 ldap.padl.nss
Thank you for your answers. It changed the errors a bit, but it still doesn't work :-( I made some changes to libnss-ldap.conf, but it's the same problem. The new file now looks like this:

    # egrep -v '^(#|$)' /etc/libnss-ldap.conf
    @(#)$Id: ldap.conf,v 2.41 2005/03/23 08:30:16 lukeh Exp $
    host myw2003server
    base dc=mydomain,dc=de
    ldap_version 3
    binddn CN=myuser,CN=Users,DC=mydomain,DC=de
    bindpw mypass
    port 389
    scope sub
    pam_password ad
    nss_base_passwd ou=Users,dc=mydomain,dc=de?sub
    nss_base_shadow ou=Users,dc=mydomain,dc=de?sub
    nss_base_group ou=Group,dc=mydomain,dc=de?sub
    nss_base_hosts ou=Hosts,dc=mydomain,dc=de?sub
    nss_base_services ou=Services,dc=mydomain,dc=de?sub
    nss_base_networks ou=Networks,dc=mydomain,dc=de?sub
    nss_base_protocols ou=Protocols,dc=mydomain,dc=de?sub
    nss_base_rpc ou=Rpc,dc=mydomain,dc=de?sub
    nss_base_ethers ou=Ethers,dc=mydomain,dc=de?sub
    nss_base_netmasks ou=Networks,dc=mydomain,dc=de?sub
    nss_base_bootparams ou=Ethers,dc=mydomain,dc=de?sub
    nss_base_aliases ou=Aliases,dc=mydomain,dc=de?sub
    nss_base_netgroup ou=Netgroup,dc=mydomain,dc=de?sub
    nss_map_objectclass posixAccount user
    nss_map_objectclass shadowAccount user
    nss_map_attribute uid sAMAccountName
    nss_map_attribute homeDirectory unixHomeDirectory
    nss_map_attribute shadowLastChange pwdLastSet
    nss_map_objectclass posixGroup group
    nss_map_attribute uniqueMember member
    pam_login_attribute sAMAccountName
    pam_filter objectclass=User

I tried all scopes, but none worked :-( I am still confused why getent passwd receives the AD structure, but doesn't print it:

    # getent passwd Administrator

takes about 2 seconds, but prints nothing, but

    # strace -v -s 5000 getent passwd

shows that the account is read?!?!

    [...]
    time([1141926632]) = 1141926632
    select(1024, [4], [], NULL, NULL) = 1 (in [4])
    read(4, "0\204\0\0\1(\2\1", 8) = 8
    read(4, "\2d\204\0\0\1\37\4)CN=Administrator,CN=Users,DC=mydomain,DC=de0\204\0\0\0\3560\204\0\0\0<\4\vobjectClass1\204\0\0\0)\4\3top\4\6person\4\24organizationalPerson\4\4user0\204\0\0\0\31\4\2cn1\$
    time([1141926632]) = 1141926632
    select(1024, [4], [], NULL, NULL) = 1 (in [4])
    [...]

When I now make an

    # ssh -l linuxuser linuxserver

I can log in:

    # tail /var/log/auth.log
    sshd[7427]: Accepted keyboard-interactive/pam for linuxuser from ::ffff:myclientip port 34608 ssh2
    sshd[7430]: (pam_unix) session opened for user linuxuser by (uid=0)

but

    # ssh -l Administrator 10.110.1.217

makes auth.log write:

    sshd[7435]: Illegal user Administrator from ::ffff:myclientip

Have you any ideas?

--
View this message in context: http://www.nabble.com/Really-strange-LDAP-and-ADS-problem-t1252871.html#a3334734
Sent from the NSS LDAP forum at Nabble.com.
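The `read()` buffers in the strace output above are BER-encoded LDAP messages (tag `d` = 0x64 is a SearchResultEntry). As an added example, not part of the original post or of nss_ldap, the following Python script decodes such a strace-escaped buffer and lists which RFC 2307 posixAccount attributes, after applying the `nss_map_attribute` lines from the posted config, are absent from the returned entry. The sample buffer and all function names are constructed for illustration.

```python
import re

# Constructed sample (not from the post): a SearchResultEntry as strace prints it.
SAMPLE = (r'0\204\0\0\0\214\2\1\2d\204\0\0\0\203\4,CN=Administrator,CN=Users,'
          r'DC=example,DC=test0\204\0\0\0O0\204\0\0\0\36\4\vobjectClass1\204'
          r'\0\0\0\v\4\3top\4\4user0\204\0\0\0%\4\16sAMAccountName1\204\0\0\0'
          r'\17\4\rAdministrator')
ESC = {'n': 10, 't': 9, 'v': 11, 'f': 12, 'r': 13, '"': 34, '\\': 92}
ATTR_MAP = {'uid': 'sAMAccountName', 'homeDirectory': 'unixHomeDirectory'}  # from the post

def unescape(s):
    """Turn strace's C-style escapes (octal, and n t v f r) back into bytes."""
    conv = lambda m: chr(int(m[1], 8) if m[1][0].isdigit() else ESC[m[1]])
    return re.sub(r'\\([0-7]{1,3}|[ntvfr"\\])', conv, s).encode('latin-1')

def tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long form: \204 means 4 length octets follow
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], 'big'), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError('truncated BER value (strace -s too small?)')
    return tag, buf[pos:pos + n], pos + n

def items(buf):
    """Yield (tag, value) for each BER element packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        yield tag, val

def parse_entry(raw):
    """Decode LDAPMessage{SearchResultEntry} into (dn, {attribute: [values]})."""
    (_, msg), = items(raw)                              # LDAPMessage SEQUENCE
    (_, _msgid), (tag, entry) = list(items(msg))[:2]    # messageID, protocolOp
    if tag != 0x64:                                     # [APPLICATION 4]
        raise ValueError('not a SearchResultEntry')
    (_, dn), (_, attrs) = items(entry)                  # objectName, attribute list
    out = {}
    for _, pa in items(attrs):                          # name + SET OF values
        (_, name), (_, vals) = items(pa)
        out[name.decode()] = [v.decode('utf-8', 'replace') for _, v in items(vals)]
    return dn.decode(), out

def missing_posix(attrs):
    """RFC 2307 posixAccount attributes (after ATTR_MAP) absent from the entry."""
    have = {a.lower() for a in attrs}
    need = ('uid', 'uidNumber', 'gidNumber', 'homeDirectory')
    return [m for m in (ATTR_MAP.get(a, a) for a in need) if m.lower() not in have]
```

A buffer cut short by strace's string limit raises `ValueError` instead of returning a partial entry, so capture with a large `-s` as the post does.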