On Fri, Mar 13, 2009 at 11:10 PM, Ryan Braun [ADS] <ryan.braun at ec.gc.ca> wrote:
> I find that starting small and working forward is the best way to go.
>
> First off, disable all encryption (for now) in pam_ldap.conf and
> libnss-ldap.conf. I've found that running wireshark while learning/setting
> up the clients helps a ton. You can see the ldap calls over TCP/IP and can
> also see all the usernames and passwords. Which should inspire you to turn
> encryption back on when done :)
>
> Next configure nss lookups. Make sure libnss-ldap is installed, and again
> minimally, set up libnss-ldap.conf. Add ldap to your nsswitch.conf file and
> try a getent (passwd|group). If nothing happens, check your sniffer and fds
> logs to see if it was able to try and connect to your ldap server.
>
> Then move on to your pam config. Same as above, start minimally then add
> configs/features later. But remember, FDS will not accept passwd changes
> from the command line unless over TLS/SSL. But it will authenticate just
> fine.
>
> But like I said initially, for myself, watching wireshark helped a ton.
>
> Ryan
>

Hi Ryan,

Now I can list all users from the server using "getent passwd" but still cannot get the user /home detail using "getent passwd <user-name>". I already tried to log in using an FDS username and the user is not authenticated.

Any help is appreciated.

Thanks,
Diwa

--
All flavors are here
http://www.teoteblung.co.cc
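
An added example, not part of the original thread: a small check for the two points in the quoted advice, that encryption is switched back on in pam_ldap.conf / libnss-ldap.conf once setup is done and that nsswitch.conf lists ldap for passwd and group. It assumes the `uri`, `ssl` and `tls_checkpeer` directives of the PADL pam_ldap/nss_ldap configuration format; the host name and base DN are constructed placeholders.

```python
def parse_ldap_conf(text):
    """Parse the 'keyword value' lines used by pam_ldap.conf / libnss-ldap.conf."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def transport_findings(text):
    """Return a list of transport-security problems found in one client config."""
    opts = parse_ldap_conf(text)
    uris = opts.get("uri", "").split()
    all_ldaps = bool(uris) and all(u.lower().startswith("ldaps://") for u in uris)
    # Assumption: "ssl on", "ssl start_tls" or only ldaps:// URIs means encrypted.
    if opts.get("ssl", "off").lower() not in ("on", "start_tls") and not all_ldaps:
        return ["cleartext LDAP: usernames and passwords are visible to a sniffer"]
    if opts.get("tls_checkpeer", "").lower() == "no":
        return ["TLS enabled but tls_checkpeer is no: server certificate not verified"]
    return []

def nss_uses_ldap(nsswitch_text, databases=("passwd", "group")):
    """Map each database to True if nsswitch.conf lists ldap as a source."""
    result = {db: False for db in databases}
    for raw in nsswitch_text.splitlines():
        db, sep, sources = raw.split("#", 1)[0].partition(":")
        if sep and db.strip() in result:
            result[db.strip()] = "ldap" in sources.split()
    return result

# Constructed sample inputs: the "setup" phase with encryption off, then re-enabled.
SETUP_CONF = "uri ldap://ldap.example.com/\nbase dc=example,dc=com\nssl off\n"
HARDENED_CONF = SETUP_CONF.replace("ssl off", "ssl start_tls\ntls_checkpeer yes")
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nshadow: files\n"

if __name__ == "__main__":
    for name, conf in (("setup", SETUP_CONF), ("hardened", HARDENED_CONF)):
        print(name, transport_findings(conf) or "ok")
    print(nss_uses_ldap(NSSWITCH))
```
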