Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
I am new to LQ, and Linux system administration!
In our office we log in to our local machines via a remote kerberos authentication server (kerb.abc.edu), so we actually don't need to create any local login on any of the machines. The home directories are automounted via nfs fileserver.
Now we have a new machines with Mandriva. I want to setup the similar logon procedure for this machine. I copied the content of /etc/krb5.conf file from one of our old machine to the new machine. But still I cannot login without a local login. What are the things I need to change to achieve this?
The content of /etc/krb5.conf is
My kerberos isn't too hot, but firstly it's for authentication only, not user information, and that's the first step. You need to obtain a POSIX compliant user account, e.g. from ldap, nis or such like, and then use that account to authenticate with kerberos and get a ticket. So on other linux boxes, check /etc/nsswitch.conf to start off by seeing where they get their user info from.
base dc=abc,dc=edu
uri ldap://xyz.mn.abc.edu
timelimit 5
bind_timelimit 5
bind_policy soft
idle_timelimit 3600
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
nss_default_attribute_value cn Anonymous
Before I change nsswitch.conf and ldap.conf in the new machine, I just want to know:
a) The reference files are from RHEL5 installation where both ldap.conf and nsswitch.conf are in /etc/; but the new machine, which has Mandriva, has nsswitch.conf in /etc/ and ldap.conf in /etc/open-ldap/. So do this relatively different path of ldap.conf should be incorporated in nsswitch.conf, i.e., should I change nsswitch.conf as
/etc/ldap and /etc/openldap/ldap.conf are DIFFERENT files, not to be confused.
you'll be able to use local files still yes. Most notably as the local files are listed first it won't even go near ldap if it finds it. Run "getent passwd" to dump the list of users known to the system, that should show all of /etc/passwd followed by the ldap accounts if it's working ok.
on the Mandriva (Offcial 2008) as there was no ldap.conf in the /etc/
2. I copied nsswitch.conf, ldap.conf and krb5.conf files from old working machine (RHEL5) and pasted them on to the new Mandriva /etc/
3. I did
Code:
urpmi nscd
on new machine and overwrote the nscd.conf with the nscd.conf from old one (RHEL5)
4. I ran
Code:
getent passwd; getent groups
and it showed all the local groups/users as well as groups/users via ldap. (Though the list of passwd seemed truncated, as I know there are thousands of users on the ldap server).
So I tried to login using central login, but permission denied! I compared the output of getent passwd and getent groups for the new Mandriva and old working RHEL5. They seemed to be in line, though RHEL one has few more local entries than Mandriva. Should I post the local part of the getent output? Since the output is large and I'm not sure whether they'll help, I am not including them in this post. But if you think the clue lies there, I'll post them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.