[Hardy][LDAP]client authentication broken
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libpam-ldap (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
System:
Ubuntu 8.04.2
Release: 8.04
Possible Packages causing the problem:
libpam-ldap, libnss-ldap
Situation:
The affected machine should connect to an LDAP server:
/etc/ldap/
BASE dc=hektor,dc=nigel
URI ldap://hektor.nigel
TLS_CACERT /etc/ldap/
TLS_REQCERT never
/etc/ldap.conf:
host 192.168.0.1
base dc=hektor,dc=nigel
uri ldap://
ldap_version 3
rootbindn cn=admin,
port 389
bind_policy soft
pam_password crypt
ssl start_tls
tls_checkpeer no
tls_cacertfile /etc/ldap/
nss_base_passwd ou=People,
nss_base_shadow ou=People,
nss_base_group ou=Group,
nss_base_hosts ou=Hosts,
nss_initgroups_
/etc/pam.
account sufficient pam_ldap.so
account required pam_unix.so
/etc/pam.
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
/etc/pam.
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
/etc/pam.
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
session optional pam_foreground.so
Problem:
The mapped users / groups do not make sense, ldap authentication does not work:
$ id | grep users
uid=1001(mirjam) gid=1001(mirjam) Gruppen=
$ ls -lh | grep bilder
drwxrwx--- 21 fidel users 4.0K 2008-10-22 12:50 bilder
$ ls bilder
... Permission denied
Reproducible: Always
Thank you for reporting this bug and helping make Ubuntu better. Can you post the contents of /etc/nsswitch.conf?
For LDAP authentication you will need to have entries similar to:
passwd: files ldap
group: files ldap
shadow: files ldap
Thanks,
Adam
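
A check for what the reply above asks about, as an added example that is not part of the original bug report or of the Ubuntu packages: it parses nsswitch.conf text, lists which of passwd, group and shadow lack an `ldap` source, and flags the two settings in the reported configuration (`TLS_REQCERT never`, `tls_checkpeer no`) that turn off server-certificate verification for the StartTLS connection. The function names are hypothetical and the sample nsswitch.conf content is constructed.

```python
import re

# Databases the reply says need an "ldap" source in /etc/nsswitch.conf.
REQUIRED_DBS = ("passwd", "group", "shadow")

# Settings seen in the report that disable server-certificate checks
# (lower-cased key -> value that disables verification).
NO_VERIFY = {"tls_reqcert": "never", "tls_checkpeer": "no"}

# Constructed sample: only "group" consults LDAP.
SAMPLE_NSSWITCH = """\
passwd:  compat
group:   compat ldap
shadow:  compat        # no ldap here
hosts:   files [NOTFOUND=return] dns
"""

# Lines as they appear in the reported client configuration.
SAMPLE_LDAP_CONF = "ssl start_tls\ntls_checkpeer no\nTLS_REQCERT never\n"


def parse_nsswitch(text):
    """Return {database: [sources]}, ignoring comments and [action] items."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [NOTFOUND=return] etc.
        dbs[db.strip()] = rest.split()
    return dbs


def missing_ldap(text):
    """List the required databases that do not name 'ldap' as a source."""
    dbs = parse_nsswitch(text)
    return [db for db in REQUIRED_DBS if "ldap" not in dbs.get(db, [])]


def tls_verification_disabled(text):
    """List 'key value' settings that switch off certificate verification."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and NO_VERIFY.get(parts[0].lower()) == parts[1].lower():
            found.append(f"{parts[0]} {parts[1]}")
    return found


if __name__ == "__main__":
    print("no ldap source:", missing_ldap(SAMPLE_NSSWITCH))
    print("cert checks off:", tls_verification_disabled(SAMPLE_LDAP_CONF))
```

To run it against a real client, pass the contents of `/etc/nsswitch.conf` and the LDAP client configuration files to the two functions instead of the samples.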