On Thu, 3 Jun 2004, Doncho N. Gunchev wrote:
On Wednesday 02 June 2004 15:04, Pau Aliagas wrote:
I've been trying really hard to implement kerberos+ldap in fedora development and FC1/FC2 and I'm almost done, but there is one important thing that does not work: loginShell is ignored by nss_ldap.
I found out what happened and it was a silly mistake on my part putting this in slapd.conf:
access to attr=loginShell
by self writeSorry for the noise. It's ok now.
I've been trying too, but not that hard. Can you please describe this somewhere and post a link. I was fighting to make the system authenticate all users with UID < 500/1000 the old way and all others (mail/samba only) with LDAP/Kerberos, which is ideal in my eyes.
That is exactly what I'm doing. It almost works as distributed, but there are a few tweaks to setup kerberos and ldap.
The idea was that even with no network at all I still can login localy as root/UID<500/1000 and fix it. Kerberos + LDAP + Samba would be great for hybrid environments with WinXX workstations, linux servers and workstation(s) (my case).
I'll polish all the missing details (ldap and kerberos replication), scripts to add users, samba and Windows clients and post a Howto somewhere.
Pau
