
I've almost got my AD integration working completely on my OpenSUSE 12.1 server. I have an OpenSUSE 11.4 system successfully integrated into our AD environment. (Meaning, we use LDAP to authenticate to AD directory via Kerberos, so we can log in to our *nix systems via AD users, using the name service caching daemon to cache our passwords and groups.)

Also, it's important to note that these systems are in our LAN; SSL authentication is disabled.

I am almost all the way there. nss_ldap is finally authenticating with the LDAP server (as /var/log/messages shows), but right now, I have another problem:

getent passwd and getent shadow fail (they show local accounts only), but getent group works! getent group shows all my AD groups!

I copied over the relevant configuration files from my working OpenSUSE 11.4 box:

 /etc/krb5.conf
 /etc/nsswitch.conf
 /etc/nscd.conf
 /etc/samba/smb.conf
 /etc/sssd/sssd.conf
 /etc/pam.d/common-session-pc
 /etc/pam.d/common-account-pc
 /etc/pam.d/common-auth-pc
 /etc/pam.d/common-password-pc

I didn't modify anything between the two. I really don't think I need to modify anything, because getent passwd, getent shadow, and getent group all work fine on the OpenSUSE 11.4 box.

Attempting to restart the nscd service unfortunately didn't do much, and neither did running /usr/sbin/nscd -i passwd.

Do any of you admin-gurus have any suggestions?

Honestly, I'm happy I made it this far. I'm almost there, guys!

U880D
slugman

1 Answer


With regard to getent passwd/shadow, it's most likely configuration differences in the /etc/nsswitch.conf file. You might be using the following rule, which your client doesn't like.

passwd: compat
shadow: compat

passwd_compat:  ldap
shadow_compat:  ldap

I've seen this on some of my clients, where I needed to change it to the following:

passwd: files ldap
shadow: files ldap

(Comment out "passwd_compat: ldap" and "shadow_compat: ldap".)

Something you might want to try.

U880D
Tman
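
An added example, not part of the answer above: a small Python check that parses nsswitch.conf text and reports why LDAP would not be queried directly for passwd, shadow or group. The function names and both sample configurations are constructed for illustration; the check assumes the documented NSS behaviour that compat mode uses the *_compat service only for +/- entries in the local file.

```python
import re

# Database names used in /etc/nsswitch.conf; any other key is reported as a likely typo.
KNOWN = {"aliases", "automount", "ethers", "group", "gshadow", "hosts", "initgroups",
         "netgroup", "networks", "passwd", "protocols", "publickey", "rpc", "services",
         "shadow", "sudoers", "passwd_compat", "group_compat", "shadow_compat"}

def parse_nsswitch(text):
    """Return {database: [sources]}, ignoring comments and [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        table[db.strip().lower()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table

def audit(text, expected="ldap", databases=("passwd", "shadow", "group")):
    """Explain, per database, why `expected` would not be queried directly."""
    table = parse_nsswitch(text)
    findings = [f"{db}: unknown database name" for db in table if db not in KNOWN]
    for db in databases:
        sources = table.get(db)
        if sources is None:
            findings.append(f"{db}: no entry")
        elif expected not in sources:
            via_compat = "compat" in sources and expected in table.get(db + "_compat", [])
            # compat consults the *_compat service only for +/- entries in the local file
            findings.append(f"{db}: {expected} " + ("only via compat" if via_compat else "not listed"))
    return findings

# Constructed samples (not taken from either server in the question).
COMPAT_STYLE = """\
passwd: compat
shodow: compat          # misspelled key, so 'shadow' has no entry at all
group:  files ldap
passwd_compat: ldap
shadow_compat: ldap
"""
FILES_LDAP_STYLE = """\
passwd: files ldap
shadow: files ldap
group:  files ldap
"""

if __name__ == "__main__":
    print(audit(COMPAT_STYLE), audit(FILES_LDAP_STYLE))
```

An empty list means every checked database lists ldap as a direct source; to check a live system, pass the contents of /etc/nsswitch.conf to audit().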