From: Andrew Zenk
Date: Sat, 21 Jan 2006 23:14:33 -0600
To: Daniel O'Connor
Cc: freebsd-stable@freebsd.org
Subject: Re: Using [Open]LDAP for authentication

My guess is that you have a group (wheel) defined in /etc/group that is
conflicting with the one in ldap. I've had this issue before. I solved it
by deleting the offending group from the group file.

Another solution would be to tell sudo to look for a different group and
make sure the LDAP group is unique.

--
Andrew Zenk

Daniel O'Connor wrote:
> On Friday 20 January 2006 18:11, Dominique Goncalves wrote:
>
>> I've reported recently a problem with the same symptoms [1] but I
>> use this order in my nsswitch.conf "files ldap".
>>
>> All examples I found on internet use this order. And if I
>> understand correctly, this order means, if a user is not found in
>> files then it tries on ldap?
>
> Yes, that is my understanding.
>
> I have also found another problem with using "files ldap" - both
> sudo and su don't work. They both appear to fail to find that I am
> in wheel and hence won't let me do anything :(
>
> If I have "ldap files" then they work OK.
>
> "ldap files" should work for bootup too except that nss_ldap seems
> to sleep trying to reconnect to the ldap server instead of giving
> up quickly.
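
An added illustration, not part of the original message: a small Python model of the situation discussed in this thread, where a group such as wheel exists both in /etc/group and in LDAP and the nsswitch.conf order decides which entry a by-name lookup returns. The group data is constructed, and the first-match lookup behaviour and the user name alice are assumptions of the example.

```python
# Added example. Group data is constructed; "alice" is a hypothetical user.
# Assumption: a by-name group lookup stops at the first source that has the name.
LOCAL_GROUP = """\
wheel:*:0:root
operator:*:5:root
"""
LDAP_GROUP = """\
wheel:*:0:root,alice
staff:*:20:alice
"""

def parse_group(text):
    """Parse group(5)-format lines into {name: (gid, set_of_members)}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed entries
        name, _pw, gid, members = fields
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def lookup(name, sources, order):
    """Return (source, gid, members) from the first source in `order` with `name`."""
    for src in order:
        if name in sources[src]:
            gid, members = sources[src][name]
            return src, gid, members
    return None

def shadowed(sources, order):
    """Map each multiply-defined group to (winning source, members it hides)."""
    report = {}
    for name in sorted(set().union(*(sources[s] for s in order))):
        defined = [s for s in order if name in sources[s]]
        if len(defined) > 1:
            winner = defined[0]
            others = set().union(*(sources[s][name][1] for s in defined[1:]))
            report[name] = (winner, sorted(others - sources[winner][name][1]))
    return report

SOURCES = {"files": parse_group(LOCAL_GROUP), "ldap": parse_group(LDAP_GROUP)}

if __name__ == "__main__":
    for order in (["files", "ldap"], ["ldap", "files"]):
        print(order, lookup("wheel", SOURCES, order), shadowed(SOURCES, order))
```

A non-empty hidden-member list for wheel under "files ldap" matches the symptom reported for su and sudo; both suggested fixes (removing the local duplicate or using a uniquely named LDAP group) make the report empty.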