Date: Sat, 21 Jan 2006 23:14:33 -0600 From: Andrew Zenk <zenk0022@umn.edu> To: Daniel O'Connor <doconnor@gsoft.com.au> Cc: freebsd-stable@freebsd.org Subject: Re: Using [Open]LDAP for authentication Message-ID: <43D314B9.2000400@umn.edu> In-Reply-To: <200601211452.16670.doconnor@gsoft.com.au> References: <200601201130.18872.doconnor@gsoft.com.au> <7daacbbe0601192341p32673972j8f309dff1df543aa@mail.gmail.com> <200601211452.16670.doconnor@gsoft.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 My guess is that you have a group (wheel) defined in /etc/group that is conflisting with the one in ldap. I've had this issue before. I solved it by deleteing the offending group from the group file. Another solution would be to tell sudo to look for a different group and make sure the LDAP group is unique. - -- Andrew Zenk Daniel O'Connor wrote: > On Friday 20 January 2006 18:11, Dominique Goncalves wrote: > >> I've reported recently a problem with the same symptoms [1] but I >> use this order in my nsswitch.conf "files ldap". >> >> All exemples I found on internet use this order. And if I >> understand correctly, this order means, if a user is not found in >> files then it tries on ldap? > > > Yes, that is my understanding. > > I have also found another problem with using "files ldap" - both > sudo and su don't work. They both appear to fail to find that I am > in wheel and hence won't let me do anything :( > > If I have "ldap files" then they work OK. > > "ldap files" should work for bootup too except that nss_ldap seems > to sleep trying to reconnect to the ldap server instead of giving > up quickly. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQIVAwUBQ9MUuBgHJI5iksGGAQiboQ/8DzWH8RV2KNh7ERMANVJ/O5KANCNUbQO5 nMikac7+oGDL0lmXJb/E4bbSIhb/cpPAgJCOMIW9neKKzQKQRvJipczEezVHj4pz sfAAkAdCZ2i+z2recbEnB16T0wzBTRkCtDsh9WGPj6W9UFyw2btNemLO5baFByZO HTTSwxG2E/Az3uHDMHhjlKZ5fzxpSr+sf9Wqr9Kt8ihUYpdiraPs/egkzV3ut+OR LRohhiJuP6xTaI0hIzSVmP1s9bGO7f5idlIvENdZIJIaEh9r0V1FDZA6+nFUSFh1 qVfJLgyuVpQV3qKteDAehdg6vhzNXyEZeAkNdEUtMZvkzskdvJrgHjpBQdeXgQfr MmhON/y664t2jajxd1cCFrtDFMukl7CA/OMBbA34YsCHKxx3atYWubql7eIGMGgK BwjXM+zIU1IBD5/dlyueL28SG3ys28HQL3H3kR6o+MJru+aO3tR2CTlCioiGNqK3 U70a6Mcpb4lqoJPFpszkghUxqkddZdkRHk3MJesyZkRYjQxtJ014heLTfe4YXU2/ klsn4e+M2BWS7kw2ZeryJtXscBj8KkyU6iVwXyvm4CNJT8TSqh8S+BtFlNr6buxR SXgYeuYeyO6v7mQp9HaPBXqTvIu/THl5S07P+9Q6cntD3jehJarg1LqlvfkHL6kJ Prh7GbruVqw= =NZl+ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43D314B9.2000400>