Slackware 13.37 + NSS_LDAP; i can getent and su to user from root,but not usr 2 usr?
Hi everybody, I have a Slackware LDAP server working fine; I can connect to it with a Red Hat client just fine. I also have a Slackware client that I want to get working. It is a fresh install of 13.37 with an nss_ldap package installed. I have /etc/ldap.conf configured correctly and nsswitch.conf with ldap before files on passwd, shadow, and group. I can su to my 2 LDAP test users when I am root, but I can't switch from user to user; I get Authentication Failed... Any ideas? Thanks a lot.
---------- Post added 07-28-11 at 11:26 AM ----------
Sorry, I forgot to mention that getent passwd retrieves the 2 LDAP users' information correctly.
Did you follow a particular guide when configuring your client? I have never used Slackware as a client, because I thought the lack of PAM in Slack would need a little touch of good old know-how to install.
Hi, thanks for the reply. No, I didn't follow a particular tutorial, I just took something from every tutorial I read. I'm wondering now if it is impossible to log in to an LDAP user without PAM?
According to Alien Bob it's not necessary to use PAM with LDAP; however, the tutorial he is referring to no longer exists. But there might be others lying around.
Also, this was for Slackware 9.0; things might have changed, but I guess the principle will still work.
Hi, thanks for the reply Dinithon! The nss_ldap package I installed was by Alien. If anyone knows what I am missing I would really appreciate it. Thanks everyone!
How can I authenticate a Slackware client against an LDAP server without PAM?
If you've read above, you know that Slackware doesn't support PAM,
but the most common way of configuring a linux client to authenticate
against an LDAP server is to use PAM. What to do?
Well, one method is to use the nss_ldap software provided by PADL
(http://www.padl.com). You'll need to obtain and install the
software yourself, but it's a lot easier than installing PAM.
The basic procedure follows:
- Install nss_ldap on the client.
[FIX ME: some LDAP directories can be configured to permit anonymous
binding for the purpose of authenticating users. The
following steps should not be necessary in those cases]
[--------------------------------------------------------------]
- Obtain from your LDAP server admin an LDAP account that has the
ability to read (at least, write is helpful) all of the appropriate
login information. In particular, this account must have at least
read access to the userPassword attribute of all accounts to be used
on the Slackware client.
- Configure this DN in ldap.conf as rootbinddn.
- Create a file, /etc/ldap.secret, and add the rootbinddn's password
(cleartext!) to the first line of the file. Add a trailing newline
to the password.
[--------------------------------------------------------------]
- Modify /etc/nsswitch.conf to authenticate against LDAP. You'll
probably want to modify at least passwd, group, and shadow. It's
best to add ldap after the files entry for each database (or in an
appropriate order, if you use things like nis). (Personally, I don't
recommend using compat mode if also using nis or ldap.)
That's all you should need to do - no restarting of daemons should be
needed.
Personally I switched from nss_ldap to nss-pam-ldapd a while ago, because it has some advantages over nss_ldap (see http://arthurdejong.org/nss-pam-ldapd/) and I highly recommend giving it a try.
Although the name suggests it, it doesn't require PAM. There's no package available, but a simple "./configure --disable-pam --mandir=/usr/man;make;make install" will do.
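
The FAQ steps quoted above can be checked on a client with a short script. This is an added example, not part of the thread or of any Slackware package: the function names are made up here, it assumes the rootbinddn route (not anonymous binding) and GNU `stat`, and the mode 600 check on the cleartext password file is this example's own requirement.

```shell
#!/bin/sh
# Added example: audit an nss_ldap client against the quoted FAQ steps.
# Function names are hypothetical; file paths default to those in the thread.

# check_nsswitch FILE: passwd, group and shadow must each list "ldap".
check_nsswitch() {
    for db in passwd group shadow; do
        grep -Eq "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|\$)" "$1" || {
            echo "nsswitch: '$db' does not use ldap"; return 1; }
    done
}

# check_rootbinddn FILE: ldap.conf needs an uncommented rootbinddn line.
check_rootbinddn() {
    grep -Eiq '^[[:space:]]*rootbinddn[[:space:]]+[^[:space:]]' "$1" || {
        echo "ldap.conf: no rootbinddn set"; return 1; }
}

# check_secret FILE: the cleartext password file must exist, be non-empty,
# end with a newline (as the FAQ asks) and be mode 600 (added requirement,
# so that local users cannot read the bind password).
check_secret() {
    [ -s "$1" ] || { echo "secret: $1 missing or empty"; return 1; }
    mode=$(stat -c %a "$1")
    [ "$mode" = "600" ] || { echo "secret: mode $mode, expected 600"; return 1; }
    # Command substitution strips a final newline, so empty output means
    # the last byte of the file is a newline.
    [ -z "$(tail -c 1 "$1")" ] || { echo "secret: no trailing newline"; return 1; }
}

# audit_client [NSSWITCH] [LDAPCONF] [SECRET]: run all checks, report each
# failure, return non-zero if any check failed.
audit_client() {
    rc=0
    check_nsswitch "${1:-/etc/nsswitch.conf}" || rc=1
    check_rootbinddn "${2:-/etc/ldap.conf}" || rc=1
    check_secret "${3:-/etc/ldap.secret}" || rc=1
    return $rc
}
```

Source the file and call `audit_client` as root on the client; pass three paths to run it against copies of the files instead.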