Sean Carolan wrote: >> It's not clear to me what OS/distribution you're doing this on, but for >> the most part we have cfengine run authconfig on our Red Hat boxes to >> set up the basic LDAP auth (it's a one-liner if done that way), and then >> push around the sshd_config file. >> > > We have a combination of centos and Red Hat servers, so the authconfig > should work just as you mentioned. Mind if I ask which action you > used in your cfengine policy to do this? > No problem... ours is under shellcommands, and looks something like this: role_ldap_clients:: "/usr/sbin/authconfig --enableldap --enableldapauth --enablecache --ldapserver=ldaphost --ldapbasedn="dc=example,dc=com" --enableldaptls --disableshadow --kickstart" Incidentally, that may also answer your other question about how to disable local shadow file passwords. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users