Hello,

I have configured a Red Hat box to authenticate users over an OpenLDAP server. "System" accounts (uid > 500) are not created in LDAP but are authenticated over the local password db.

system-auth:

    ...
    auth        required      pam_env.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        sufficient    pam_sss.so use_first_pass
    auth        required      pam_deny.so
    ...

My LDAP directory also contains posixgroups.

I noticed that if I locally configure a system account to use an LDAP GID, then the user is properly registered as a member of this group as well as any other groups it would be a member of locally (declared in /etc/group).

But if I declare in the local /etc/passwd a local group as being the primary group for that user, then the user is not registered as being a member of any LDAP group it would be "subscribed" to.

QUESTION: is there any way to configure PAM to say that the user's group list includes the LDAP groups the user is a member of as well as local groups, even if the primary group of that user is local?

Thanks

---
Olivier

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list