We have an organization-wide LDAP server and a department-only NIS server. Many users have accounts with the same name on both servers. Is there any way to get Leopard/Snow Leopard machines to query one server, and then the other, and let the user log in if his username/password combination matches at least one record?
I can get either NIS authentication or LDAP authentication. I can even enable both, with LDAP set as higher priority, and authenticate using the name and password listed on the LDAP server. However, in the last case, if I set the LDAP domain as higher-priority in Directory Utility's search path and then provide the username/password pair listed in the NIS record, then my login is rejected even though the NIS server would accept it.
Is there any way to make the OS check the rest of the search path after it finds the username?
-
Well, the problem lies here: how the PAM modules pam_ldap.so and pam_unix.so are stacked. pam_unix.so deals with both NIS and local files.
Pass the debug argument to pam_unix.so, and pass the "debug 4" argument to pam_ldap.so.
Append these arguments to every line that has these modules in the system-auth file.
From RainDoctor
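The edit described in the answer above, as an added example that is not part of the original answer: a small Python function that appends the suggested arguments to every active pam_unix.so and pam_ldap.so line of a system-auth file. The sample file contents and the function name add_debug_args are constructed for illustration; the argument strings are the ones given in the answer, and the function only transforms text, it does not write to disk.

```python
# Arguments to append, keyed by module name, exactly as given in the answer.
DEBUG_ARGS = {"pam_unix.so": ["debug"], "pam_ldap.so": ["debug", "4"]}

# Constructed sample of a system-auth file (not taken from the page).
SAMPLE = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
# account   sufficient    pam_ldap.so
account     required      pam_unix.so debug
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
"""


def add_debug_args(text):
    """Return text with the debug arguments appended to each active line
    that loads pam_unix.so or pam_ldap.so. Comment lines, blank lines and
    lines that already carry 'debug' are left unchanged, so the function
    can be run repeatedly without stacking duplicate arguments."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            tokens = stripped.split()
            for module, args in DEBUG_ARGS.items():
                # Match on the basename so a full module path also counts.
                idx = next((i for i, tok in enumerate(tokens)
                            if tok.rsplit("/", 1)[-1] == module), None)
                if idx is None:
                    continue
                # Everything after the module name is a module argument.
                if "debug" not in tokens[idx + 1:]:
                    line = line.rstrip() + " " + " ".join(args)
                break
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(add_debug_args(SAMPLE), end="")
```

Review the output against a backup copy of the file before replacing it, and remove the debug arguments again once the stacking problem has been diagnosed.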