On Fri, Mar 13, 2009 at 11:10 PM, Ryan Braun [ADS] <ryan.braun(a)ec.gc.ca> wrote:
I find that starting small and working forward is the best way to
First off, disable all encryption (for now). in pam_ldap.conf and libnss-
ldap.conf. I've found that running wireshark while learning/setting up the
clients helps a ton. You can see the ldap calls over tcpip and can also see
all the username and passwords. Which should inspire you to turn encryption
back on when done :)
Next configure nss lookups. Make sure libnss-ldap is installed, And again
minimally, setup libnss-ldap.conf. Add ldap to your nsswitch.conf file and
try a getent (passwd|group). If nothing happens, check your sniffer and fds
logs to see if it was able to try and connect to your ldap server.
Then move onto your pam config. Same as above, start minimally then add
configs/features later. But remember, FDS will not accept passwd changes from
the command line unless over TLs/SSL. But it will authenticate just fine.
But like I said initially, for myself, watching wireshark helped a ton.
Now I can list all user from server using "getent passwd" but still
can not get user /home detail using "getent passwd <user-name>". I
already tried login using fds username and user not authenticated.
Any help is appreciated.
Semua rasa ada disini