Re: check group membership locally and also in ldap

Oops: you are right.

I have written in nsswitch.conf:

group:    sss files

instead of

group:    files sss

And I obtain (more or less) what I want.

Thanks !

---
Olivier

2012/3/13 Stef Bon:
> Isn't this a nss question, and not PAM?
>
> Stef
>
> 2012/3/13 bloguillard <blog@xxxxxxxxxxxxxxx>:
>> Hello,
>>
>> I have configured a Red Hat box to authenticate users over an
>> openldap server. "System" accounts (uid > 500) are not
>> created in ldap but are authenticated over local password db.
>>
>> system-auth:
>> ...
>> auth        required      pam_env.so
>> auth        sufficient    pam_unix.so nullok try_first_pass
>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>> auth        sufficient    pam_sss.so use_first_pass
>> auth        required      pam_deny.so
>> ...
>>
>> My ldap directory also contains posixgroups.
>>
>> I noticed that if I configure locally a system account to use
>> an ldap GID, then the user is properly registered as a member
>> of this group as well as any other groups it would be a member
>> of locally (declared in /etc/group).
>>
>> But if I declare in local /etc/passwd a local group as being the
>> primary group for that user, then the user is not registered as being
>> a member of any ldap group it would be "subscribed" to.
>>
>> QUESTION: is there any way to configure pam to say that the
>> user group list includes ldap groups the user is a member of
>> as well as local groups, even if the primary group of that user
>> is local?
>>
>> Thanks
>>
>> ---
>> Olivier
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/pam-list
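
The nsswitch.conf `group:` line discussed in this thread decides which sources answer group lookups and in what order. The script below is an added example, not part of the thread: its function names are hypothetical, the sample file is constructed, and the `initgroups` fallback is an assumption about glibc behaviour noted in the code.

```shell
#!/bin/sh
# Added example (not from the thread): show which NSS sources answer group
# lookups, and in what order, from an nsswitch.conf-style file.

# nss_sources DB FILE: print the sources listed for database DB, in order.
# Comments and [STATUS=action] items are stripped; they are not sources.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$2" |
    awk -v db="$1" '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
        if (key != db) next
        $0 = substr($0, i + 1); $1 = $1   # re-split, squeeze whitespace
        print; exit
    }'
}

# nss_groups_db FILE: database that governs supplementary groups. Assumption
# stated here: glibc uses "initgroups" when present, otherwise "group".
nss_groups_db() {
    if [ -n "$(nss_sources initgroups "$1")" ]; then echo initgroups
    else echo group; fi
}

# nss_missing FILE SRC...: print each wanted source absent from that database.
nss_missing() {
    file=$1; shift
    have=" $(nss_sources "$(nss_groups_db "$file")" "$file") "
    out=
    for src in "$@"; do
        case $have in *" $src "*) ;; *) out="${out:+$out }$src" ;; esac
    done
    echo "$out"
}

# Constructed sample reproducing the line quoted in the thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'passwd: files sss' \
    'group:    sss files   # order from the thread' > "$sample"
echo "database: $(nss_groups_db "$sample")"
echo "sources:  $(nss_sources group "$sample")"
echo "missing:  $(nss_missing "$sample" files sss)"
```

On a live host, point the functions at /etc/nsswitch.conf and compare the result with the output of `id -Gn <user>` for the account in question.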