From a system administrators point of view it is tempting to create local users on the laptop but this causes trouble when these laptops have to access domain resources like network shares NFS, sshfs, Samba, etc. Many of these network shares rely on a central name service database like LDAP because of user and group information and permissions on the share.
NSCD can also be used to serve these requests while there is no network connectivity. In short: NSCD is configured to cache the information much longer than the default values from Debian Lenny For debugging it is recommended to not to run nscd the Name Service Caching Daemon because nscd can mask problems by serving entries from it's cache. Certain versions of libnss-ldap have been known to set restrictive permissions on this file.
Note that not all NSS lookups will go through nscd only passwd , group and host so this may not work in all circumstances. To request a support incident, send email to: nssldap-support padl.
Releases No releases published. Packages 0 No packages published. Contributors 5. You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Active Oldest Votes. Improve this answer. AliAlipourR Correct. PAM can check if a credential such as a password is acceptable almost anywhere.
Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. You can also install these packages even if the switch is not connected to the internet, as they are contained in the cumulus-local-apt-archive repository that is embedded in the Cumulus Linux image.
You need to select at least the passwd , group , and shadow services press space to select a service. When done, click OK. This creates a very basic LDAP configuration using anonymous bind and initiates user search under the base DN specified. After the installation is complete, the name service caching daemon nslcd runs. Keep compat as the first source in NSS for passwd , group , and shadow. This prevents you from getting locked out of the system. Entering incorrect information during the installation process might produce configuration errors.
You can correct the information after installation by editing certain configuration files. Instead of running the installer and following the interactive prompts, as described above, you can pre-seed the installer parameters using debconf-utils.
Run apt-get install debconf-utils and create the pre-seeded parameters using debconf-set-selections. Provide the appropriate answers. Here is an example of how to pre-seed answers to the installer questions using debconf-set-selections :. This section documents some of the more important options that relate to security and how queries are handled. For details on all the available configuration options, read the nslcd.
If you disable LDAP, you need to restart the netd service. Depending on the configuration, this connection might be unauthenticated anonymous bind ; otherwise, the client must provide a bind user and password. You can also specify an alternate port in the URI.
After the connection to the server is complete, the BIND operation authenticates the session. The BIND credentials are optional, and if not specified, an anonymous bind is assumed. This is typically not allowed in most production environments.
0コメント