[ILUG] Single Sign On and Active Directory
mrk at europe.renre.com
Mon Aug 16 12:01:15 IST 2004
On Mon, 2004-08-16 at 11:30, David Dorgan wrote:
> > At login we get the following message.
> > "Authentication service cannot retrieve authentication info"
> First off, add
> shadow: compat ldap
> Is nss_ldap set up for nss_base_shadow?
> If you ever have a problem with PAM, basically
> put debug on all of those entries. pam_unix.so debug etc..
Added debug to all of them and not seeing any more logging.
> Also add:
> account optional pam_krb5.so debug
> password sufficient pam_krb5.so debug
> session optional pam_krb5.so debug
Still, after all of this, shadow is not being retrieved from the DC.
Also I checked that I was running nscd, and I am, but I have tried this
configuration without nscd last week and got the same problem.
Note I don't actually need shadow I just need for login to work, if I
could get nss_ldap to replace the password field of passwd with "*K*" to
indicate that I'm using kerberos then everything would be happy (I
> After this, I would suggest you strace -p
> it in action, you'll see the pid in syslog,
> if you have the debug options on. Also,
> if you did want it to wait for a bit, so you
> could look and see what it was doing,
> plug out the network (but don't bring down the
> card) so it'll spend lots of time doing
> networking things.
> Also, if you are unsure of what is being checked
> you could run ethereal and see what is being
> checked remotely.
> There are some good resources on the subject in general:
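The three suggestions quoted in this message (ldap in the shadow line of nsswitch.conf, pam_krb5.so entries for account, password and session, and debug on every PAM entry) can be checked mechanically. The following Python is an added example, not part of the original post; the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample files (not the poster's real configuration).
NSSWITCH = """\
passwd: compat ldap
group:  compat ldap
shadow: compat
"""
PAM_LOGIN = """\
auth     sufficient pam_krb5.so debug
account  required   pam_unix.so
password required   pam_unix.so debug
session  required   pam_unix.so
"""

# Fields: type, control (one word or a [bracketed list]), module, arguments.
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
PAM_TYPES = ("auth", "account", "password", "session")

def nss_sources(text, database):
    """Return the lookup sources nsswitch.conf lists for one database."""
    for line in text.splitlines():
        name, _, spec = line.split("#", 1)[0].partition(":")
        if name.strip() == database:
            # Drop action items such as [NOTFOUND=return]; keep the sources.
            return re.sub(r"\[[^\]]*\]", " ", spec).split()
    return []

def pam_stack(text):
    """Parse a pam.d service file into {type: [(module, args), ...]}."""
    stack = {t: [] for t in PAM_TYPES}
    for line in text.splitlines():
        m = PAM_LINE.match(line.split("#", 1)[0].strip())
        if m and m.group(1) in stack:
            stack[m.group(1)].append((m.group(3), m.group(4).split()))
    return stack

def findings(nsswitch, pam):
    """List where the files differ from the three suggestions in the thread."""
    out = []
    if "ldap" not in nss_sources(nsswitch, "shadow"):
        out.append("nsswitch: shadow does not list ldap")
    stack = pam_stack(pam)
    for ptype in ("account", "password", "session"):
        if not any(mod == "pam_krb5.so" for mod, _ in stack[ptype]):
            out.append(f"pam: no pam_krb5.so entry for {ptype}")
    out += [f"pam: {t} {mod} has no debug argument"
            for t in PAM_TYPES for mod, args in stack[t] if "debug" not in args]
    return out
```

Calling `findings(NSSWITCH, PAM_LOGIN)` on the constructed samples returns six findings; pass the text of the real files to check a live host.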