Hi,

It worked!

I tried 'id ronni' which did not work.
Then I stopped nscd and success! I am now able to login using the user
in LDAP.

Now, I have read a lot, and seem to have lost the complete overview of
how it all works together. Can someone explain to me, just in a
superficial way, how it fits together or point me to a link?

My next step is to get Kerberos working with SSH. As I understand it, I
have to configure SSH to use Kerberos to authenticate the user by
forwarding my local Kerberos key; is that correct?

Thank you for your help so far!

- Ronni



On Thu, 2008-10-30 at 12:52 +0100, Davor Ocelic wrote:
> On Thu, 30 Oct 2008 10:36:35 +0100
> Ronni Feldt wrote:
>
> > Hi,
> >
> > I'm still trying to get this to work.
> >
> > tail /var/log/auth.log on workstation says this:
> > Oct 30 10:29:02 rofe login[11133]: pam_unix(login:auth): check pass; user unknown
> > Oct 30 10:29:02 rofe login[11133]: pam_unix(login:auth): authentication failure; logname=rofe uid=0 euid=0 tty=tty2 ruser= rhost=
> > Oct 30 10:29:02 rofe login[11133]: pam_unix(login:account): could not identify user (from getpwnam(ronni))
> >

>
> Hello,
>
> Tcpdump is an overkill in this simple scenario.
>
> A requirement for the login to succeed is to have commands such as
> 'id mirko' or 'id ronni' return the getent information for the
> requested user.
>
> Not always, but 'getent passwd' should in most cases also return
> an output that looks like a passwd file, but has both local and
> remote entries included.
>
> For that, you need libnss-ldap package installed & configured on
> the client. (Configuration consists of libnss-ldap.conf and
> nsswitch.conf).
>
> Also, if you have nscd installed on the client, turn it off for
> a while until you get 'id ronni' working.
>
> After you get that working first, move onto getting the actual
> login step.
>
> Cya,
> -doc
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
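
The client-side checks from the quoted reply (nsswitch.conf lists ldap, nscd is out of the way, the user resolves through NSS), as an added example that is not part of the original thread. The function names are hypothetical, and checking the passwd and group databases is an assumption; the thread only names nsswitch.conf.

```shell
# Added example (not from the thread). Function names are hypothetical.

# nss_has_source DB SOURCE [FILE]: succeed if SOURCE is listed for DB.
nss_has_source() {
    awk -v db="$1" -v src="$2" '
        {
            sub(/#.*/, "")              # strip comments
            gsub(/\[[^]]*\]/, " ")      # drop actions such as [NOTFOUND=return]
            sub(/:/, ": ")              # tolerate "passwd:compat ldap"
        }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "${3:-/etc/nsswitch.conf}"
}

# user_resolves USER: the lookup that 'id USER' and login depend on.
user_resolves() {
    getent passwd "$1" >/dev/null 2>&1
}

# nscd_running: nscd caches lookups, including misses, which hides fixes.
nscd_running() {
    pgrep -x nscd >/dev/null 2>&1
}

# check_client USER [FILE]: one line per check; non-zero if a check fails.
check_client() {
    user=$1; conf=${2:-/etc/nsswitch.conf}; rc=0
    for d in passwd group; do      # assumption: these two databases
        if nss_has_source "$d" ldap "$conf"; then
            echo "ok:   $d lists ldap in $conf"
        else
            echo "FAIL: $d does not list ldap in $conf"; rc=1
        fi
    done
    if nscd_running; then
        echo "note: nscd is running; stop it until lookups work"
    fi
    if user_resolves "$user"; then
        echo "ok:   getent passwd $user returns an entry"
    else
        echo "FAIL: getent passwd $user returns nothing"; rc=1
    fi
    return $rc
}

# Usage on the workstation: check_client ronni
```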