Date:      Wed, 12 Oct 2011 12:29:05 +0800
From:      "Chao Shin" <quakelee@geekcn.org>
To:        freebsd-security@freebsd.org, "Lev Serebryakov" <lev@freebsd.org>
Subject:   Re: pam_ldap and nss_ldap : checken and egg problem with "wheel" group and "su" utility
Message-ID:  <op.v18r1df7hnq548@quakelee-work>
In-Reply-To: <679126918.20110922121706@serebryakov.spb.ru>
References:  <679126918.20110922121706@serebryakov.spb.ru>



> Hello, Freebsd-security.
>
>   I have a chicken-and-egg problem with the wheel group and su utility when
> all users but root are stored in LDAP.
>
>     wheel group should be in /etc/group to allow basic system services
> to start before LDAP is available.
>
>     But when "wheel" is in /etc/group with only "root" member (as all
>  other members are in LDAP), system never takes "wheel" members from
>  LDAP (because /etc/group has priority) and "su" doesn't work!
>
>    What is the proper way to resolve this problem?
>

I don't have a system to test this on now, but you can try the config below in
your nsswitch.conf:


group: files [success=return notfound=continue] ldap
passwd: files [success=return notfound=continue] ldap

I didn't meet this problem in my last company's environment.

-- 
The Power to Serve
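
The source order and criteria in the nsswitch.conf lines above can be traced with a small model of how one database line is evaluated. This is an added example, not part of the original message: the backend contents and the names parse_line, lookup and BACKENDS are constructed for illustration, and the model covers only single-entry lookups by name.

```python
import re

# Default criteria per nsswitch.conf(5): return on success, continue otherwise.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_line(line):
    """Parse 'db: src [status=action ...] src ...' into (db, [(src, actions)])."""
    db, _, rest = line.partition(":")
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if token.startswith("["):
            if not sources:
                raise ValueError("criteria must follow a source")
            for pair in token[1:-1].split():
                status, _, action = pair.partition("=")
                sources[-1][1][status.lower()] = action.lower()
        else:
            sources.append((token, dict(DEFAULT_ACTIONS)))
    return db.strip(), sources

def lookup(sources, backends, key):
    """Walk sources in order; return (source, entry) at the first 'return' action."""
    for name, actions in sources:
        backend = backends.get(name)
        if backend is None:            # source not reachable (e.g. LDAP down)
            status, entry = "unavail", None
        elif key in backend:
            status, entry = "success", backend[key]
        else:
            status, entry = "notfound", None
        if actions.get(status) == "return":
            return name, entry
    return None, None

# Constructed sample data: wheel exists in both sources, admins only in LDAP.
BACKENDS = {
    "files": {"wheel": ["root"]},
    "ldap": {"wheel": ["root", "alice"], "admins": ["alice"]},
}

if __name__ == "__main__":
    _, srcs = parse_line("group: files [success=return notfound=continue] ldap")
    print(lookup(srcs, BACKENDS, "wheel"))    # answered by files
    print(lookup(srcs, BACKENDS, "admins"))   # falls through to ldap
```

Comparing the member list returned for wheel with the list held in each backend shows which source answered and whether entries from the later source were consulted.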


