Re: Kerberos and LDAP
On Thu, 30 Oct 2008 10:36:35 +0100
Ronni Feldt <firstname.lastname@example.org> wrote:
> Im still trying to get this to work.
> tail /var/log/auth.log on workstation says this:
> Oct 30 10:29:02 rofe login: pam_unix(login:auth): check pass;
> user unknown
> Oct 30 10:29:02 rofe login: pam_unix(login:auth):
> authentication failure; logname=rofe uid=0 euid=0 tty=tty2 ruser=
> rhost= Oct 30 10:29:02 rofe login: pam_unix(login:account):
> could not identify user (from getpwnam(ronni))
Tcpdump is an overkill in this simple scenario.
A requirement for the login to succeed is to have commands such as
'id mirko' or 'id ronni' return the getent information for the
Not always, but 'getent passwd' should in most cases also return
an output that looks like a passwd file, but has both local and
remote entries included.
For that, you need libnss-ldap package installed & configured on
the client. (Configuration consists of libnss-ldap.conf and
Also, if you have nscd installed on the client, turn it off for
a while until you get 'id ronni' working.
After you get that working first, move onto getting the actual