CentOS 5.9 getent passwd returns only local accounts.
Hi all,
Recently I tried to set up Kerberos + LDAP authentication to a Windows 2008 server for my CentOS 5.9 64-bit client, but I can't find domain users like I did on CentOS 5.10 64-bit. The config files follow; ports 389 and 88 are open, and I did ldapsearch with the bind account, which also works fine. Any help appreciated!

Note: I installed krb5-workstation, openldap-clients, nss_ldap, pam_krb5.

[root@xxx ~]# nc -zv x.x.7.34 389
Connection to x.x.7.34 389 port [tcp/ldap] succeeded!
[root@xxx ~]# nc -zv x.x.7.34 88
Connection to x.x.7.34 88 port [tcp/kerberos] succeeded!
[root@xxx ~]# nc -u -zv x.x.7.34 88
Connection to x.x.7.34 88 port [udp/kerberos] succeeded!

1. /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap

2. /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

3. /etc/krb5.conf
[libdefaults]
default_realm = x.x.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
x.x.COM = {
kdc = x1-inf-dc-s01.cloud.x.com
admin_server = x1-inf-dc-s01.cloud.x.com
}
[domain_realm]
x.com = x.x.COM
.x.com = x.x.COM
[appdefaults]
validate = false

4. /etc/ldap.conf
uri ldap://x.x.7.34/
base dc=x,dc=x,dc=com
ldap_version 3
port 389
scope sub
ssl no
binddn CN=Linux-bind-user,OU=Service_accounts,OU=x,DC=cloud,DC=x,DC=com
bindpw xxxxx
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute gecos name
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute userPassword msSFU30Password
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute cn cn
pam_login_attribute sAMAccountName
pam_filter objectclass=User
nss_base_passwd OU=x,OU=Administrators,OU=x,dc=cloud,dc=x,dc=com?sub
nss_base_shadow OU=x,OU=Administrators,OU=x,dc=cloud,dc=x,dc=com?sub
nss_base_group OU=Groups,OU=x,dc=cloud,dc=x,dc=com?sub
pam_password ad
sudoers_base CN=x-admins,OU=Groups,OU=x,DC=cloud,DC=x,DC=com
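The following is an added diagnostic example for the configuration above; it is not code from the thread or from the nss_ldap project. It parses ldap.conf and nsswitch.conf text as nss_ldap reads them, reconstructs the search that a passwd lookup issues (search base and scope from nss_base_passwd, object class and attribute names from the nss_map_* lines), and checks constructed directory entries for the SFU attributes that must be present before a user can appear in getent passwd. The sample config text and the two user entries are constructed with placeholder values taken from the post; the assumption that nss_ldap needs uid, uidNumber and gidNumber before it returns a passwd line is mine, not something the thread states.

```python
"""Offline sanity checks for a PADL nss_ldap + Active Directory (SFU) setup.

Added example for this thread, not code from the post or from nss_ldap.
Sample configuration text and directory entries are constructed.
"""
from collections import defaultdict

# Constructed sample: the thread's /etc/ldap.conf, trimmed, placeholders kept.
LDAP_CONF = """
uri ldap://x.x.7.34/
base dc=x,dc=x,dc=com
binddn CN=Linux-bind-user,OU=Service_accounts,OU=x,DC=cloud,DC=x,DC=com
bindpw xxxxx
nss_map_objectclass posixAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_base_passwd OU=x,OU=Administrators,OU=x,dc=cloud,dc=x,dc=com?sub
"""

# Constructed sample: the thread's /etc/nsswitch.conf.
NSSWITCH_CONF = """
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
"""

# Constructed ldapsearch results: one SFU-enabled user, one without POSIX data.
SAMPLE_ENTRIES = {
    "alice": {"sAMAccountName": "alice", "msSFU30UidNumber": "10001",
              "msSFU30GidNumber": "10000", "msSFU30HomeDirectory": "/home/alice"},
    "bob": {"sAMAccountName": "bob"},
}

# Assumption: POSIX attributes nss_ldap must find before it emits a passwd entry.
REQUIRED_PASSWD_ATTRS = ("uid", "uidNumber", "gidNumber")


def parse_ldap_conf(text):
    """Parse 'key value...' lines into {key: [values]}; keys may repeat."""
    conf = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key.lower()].append(value.strip())
    return conf


def parse_nsswitch(text):
    """Return {database: [sources]} from nsswitch.conf text."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            db, sources = line.split(":", 1)
            dbs[db.strip()] = sources.split()
    return dbs


def attribute_map(conf):
    """POSIX attribute -> directory attribute, applying nss_map_attribute."""
    mapping = {a: a for a in REQUIRED_PASSWD_ATTRS + ("homeDirectory", "loginShell")}
    for entry in conf.get("nss_map_attribute", []):
        posix, _, directory = entry.partition(" ")
        mapping[posix] = directory.strip()
    return mapping


def passwd_lookup(conf):
    """Reconstruct the base, scope, filter and attributes of a passwd search."""
    base, scope = conf.get("base", [""])[0], "sub"
    if conf.get("nss_base_passwd"):  # overrides the global base when present
        base, _, scope = conf["nss_base_passwd"][0].partition("?")
        scope = scope or "sub"
    objectclass = "posixAccount"
    for entry in conf.get("nss_map_objectclass", []):
        posix, _, directory = entry.partition(" ")
        if posix == "posixAccount":
            objectclass = directory.strip()
    return {"base": base, "scope": scope,
            "filter": "(objectClass=%s)" % objectclass,
            "attrs": sorted(set(attribute_map(conf).values()))}


def missing_passwd_attrs(entry, conf):
    """Directory attributes a user lacks; a non-empty list means getent skips it."""
    mapping = attribute_map(conf)
    return [mapping[a] for a in REQUIRED_PASSWD_ATTRS if mapping[a] not in entry]


def config_warnings(conf, nsswitch):
    """Configuration problems that commonly explain 'only local users'."""
    warnings = []
    for db in ("passwd", "group"):
        if "ldap" not in nsswitch.get(db, []):
            warnings.append("nsswitch.conf: %s does not consult ldap" % db)
    if "bindpw" in conf:
        # /etc/ldap.conf is normally world-readable, so any local user can read
        # this password; nss_ldap's rootbinddn reads it from /etc/ldap.secret
        # (mode 0600) instead.
        warnings.append("bindpw stored in world-readable ldap.conf")
    return warnings


if __name__ == "__main__":
    conf = parse_ldap_conf(LDAP_CONF)
    q = passwd_lookup(conf)
    # The equivalent manual query an admin can run to see what nss_ldap sees.
    print("ldapsearch -x -H %s -D '%s' -W -b '%s' -s %s '%s' %s" % (
        conf["uri"][0], conf["binddn"][0], q["base"], q["scope"],
        q["filter"], " ".join(q["attrs"])))
    for name, entry in SAMPLE_ENTRIES.items():
        print(name, "missing:", missing_passwd_attrs(entry, conf) or "nothing")
    for w in config_warnings(conf, parse_nsswitch(NSSWITCH_CONF)):
        print("warning:", w)
```

Running the script prints the ldapsearch command built from the same base, scope, filter and attribute names nss_ldap uses, so the result can be compared directly with what getent passwd shows: a user that ldapsearch returns without msSFU30UidNumber and msSFU30GidNumber is exactly a user that nss_ldap cannot turn into a passwd line. The bindpw warning is the defensive caveat for this layout: a plain-text bind password in a world-readable file is visible to every local account, which rootbinddn with /etc/ldap.secret avoids.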
Do you also have a hosts definition in nsswitch.conf, and all necessary hostnames in /etc/hosts?
Following is my /etc/hosts; I can ping the DC server by name since /etc/resolv.conf defines the name server.

/etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 x.cloud.x.com x-x-x-g01 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

/etc/nsswitch.conf
hosts: files dns