Guys,
I can't seem to get this stuff to work. It starts to fail at the part 'getent'. Then in /var/log/messages it gives me:
Sep 7 11:52:42 nspc1019 sudo: nss_ldap: could not search LDAP server - Operations error
Sep 7 11:55:40 nspc1019 sudo: nss_ldap: could not search LDAP server - Operations error
Sep 7 11:56:37 nspc1019 sudo: nss_ldap: could not search LDAP server - Operations error
Sep 7 13:13:37 nspc1019 sshd[7775]: pam_ldap: error trying to bind (Invalid credentials)
Any suggestions?
How about searching the LDAP via the ldapsearch tool? Is this MS AD or Samba 4 AD? It would appear you need to use either LDAPS or supply credentials to access LDAP.
For MS AD you might have to use winbind for accounts, as per the HOWTO: Active Directory Authentication thread on ubuntuforums.
How about if you are running an AD setup with multiple domains? The nss_ldap part appears to search child domains, but what about pam_krb5? Is it possible to specify multiple Kerberos domains and multiple default domains to have it try them all? I have a setup with an AD domain and two child domains, and would like to authenticate to the child domains. Once again, any suggestions?
I followed these instructions and installed this on an Ubuntu server that has Apache2 running. The two software packages conflicted on the domains, as the domain name of the server is different from the domain that LDAP runs on. I had to uninstall the LDAP support so that my Apache2 would run without problems. Any ideas for avoiding this problem would be great.
© 2009 Novell, Inc. All Rights Reserved.