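I have set up LDAP and nsswitch on Ubuntu, and it seems to work to some extent. For example, getent passwd lists the accounts from the LDAP server and from /etc/passwd.

However, id <user> and sudo -u <user> bash, for example, do not seem to recognize the LDAP server's accounts. Do these programs take the nsswitch configuration into account, or only /etc/passwd? Are there other (important) programs I should know about that only look at /etc/passwd?

My /etc/nsswitch.conf: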
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files ldap mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
However, getent does seem to recognize the LDAP accounts, so the problem does not seem to be nsswitch.

As for the pam configuration, I don't know what to look for; it looks fine to my eyes. grep "^[^#]" * gave:
accountsservice:password substack common-password
accountsservice:password optional pam_pin.so
chfn:auth sufficient pam_rootok.so
chfn:@include common-auth
chfn:@include common-account
chfn:@include common-session
chpasswd:@include common-password
chsh:auth required pam_shells.so
chsh:auth sufficient pam_rootok.so
chsh:@include common-auth
chsh:@include common-account
chsh:@include common-session
common-account:account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
common-account:account [success=1 default=ignore] pam_ldap.so
common-account:account requisite pam_deny.so
common-account:account required pam_permit.so
common-auth:auth [success=2 default=ignore] pam_unix.so nullok_secure
common-auth:auth [success=1 default=ignore] pam_ldap.so use_first_pass
common-auth:auth requisite pam_deny.so
common-auth:auth required pam_permit.so
common-password:password [success=2 default=ignore] pam_unix.so obscure sha512
common-password:password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
common-password:password requisite pam_deny.so
common-password:password required pam_permit.so
common-session:session [default=1] pam_permit.so
common-session:session requisite pam_deny.so
common-session:session required pam_permit.so
common-session:session optional pam_umask.so
common-session:session required pam_unix.so
common-session:session optional pam_ldap.so
common-session:session optional pam_systemd.so
common-session-noninteractive:session [default=1] pam_permit.so
common-session-noninteractive:session requisite pam_deny.so
common-session-noninteractive:session required pam_permit.so
common-session-noninteractive:session optional pam_umask.so
common-session-noninteractive:session required pam_unix.so
common-session-noninteractive:session optional pam_ldap.so
cron:@include common-auth
cron:session required pam_loginuid.so
cron:session required pam_env.so
cron:session required pam_env.so envfile=/etc/default/locale
cron:@include common-account
cron:@include common-session-noninteractive
cron:session required pam_limits.so
login:auth optional pam_faildelay.so delay=3000000
login:auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
login:auth requisite pam_nologin.so
login:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
login:session required pam_env.so readenv=1
login:session required pam_env.so readenv=1 envfile=/etc/default/locale
login:@include common-auth
login:auth optional pam_group.so
login:session required pam_limits.so
login:session optional pam_lastlog.so
login:session optional pam_motd.so motd=/run/motd.dynamic noupdate
login:session optional pam_motd.so
login:session optional pam_mail.so standard
login:@include common-account
login:@include common-session
login:@include common-password
login:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
newusers:@include common-password
other:@include common-auth
other:@include common-account
other:@include common-password
other:@include common-session
passwd:@include common-password
polkit-1:@include common-auth
polkit-1:@include common-account
polkit-1:@include common-password
polkit-1:session required pam_env.so readenv=1 user_readenv=0
polkit-1:session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
polkit-1:@include common-session
ppp:auth required pam_nologin.so
ppp:@include common-auth
ppp:@include common-account
ppp:@include common-session
runuser:auth sufficient pam_rootok.so
runuser:session optional pam_keyinit.so revoke
runuser:session required pam_limits.so
runuser:session required pam_unix.so
runuser-l:auth include runuser
runuser-l:session optional pam_keyinit.so force revoke
runuser-l:-session optional pam_systemd.so
runuser-l:session include runuser
sshd:@include common-auth
sshd:account required pam_nologin.so
sshd:@include common-account
sshd:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
sshd:session required pam_loginuid.so
sshd:session optional pam_keyinit.so force revoke
sshd:@include common-session
sshd:session optional pam_motd.so motd=/run/motd.dynamic
sshd:session optional pam_motd.so noupdate
sshd:session optional pam_mail.so standard noenv # [1]
sshd:session required pam_limits.so
sshd:session required pam_env.so # [1]
sshd:session required pam_env.so user_readenv=1 envfile=/etc/default/locale
sshd:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
sshd:@include common-password
su:auth sufficient pam_rootok.so
su:session required pam_env.so readenv=1
su:session required pam_env.so readenv=1 envfile=/etc/default/locale
su:session optional pam_mail.so nopen
su:@include common-auth
su:@include common-account
su:@include common-session
sudo:session required pam_env.so readenv=1 user_readenv=0
sudo:session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
sudo:@include common-auth
sudo:@include common-account
sudo:@include common-session-noninteractive
systemd-user:@include common-account
systemd-user:@include common-session-noninteractive
systemd-user:session optional pam_systemd.so
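
An added diagnostic, not part of the original post: getent passwd without a key enumerates accounts with getpwent(), while id <user> looks a single name up with getpwnam(), so the two can disagree. The code below compares both NSS views with a direct read of /etc/passwd; the function names local_names and classify are made up for this example.

```python
import pwd
import sys


def local_names(passwd_path="/etc/passwd"):
    """User names present in the local file, read directly (bypasses NSS)."""
    names = set()
    with open(passwd_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            # Skip blanks, comments and the +/- inclusion entries of compat mode.
            if line and line[0] not in "#+-":
                names.add(line.split(":", 1)[0])
    return names


def classify(user, local, enumerate_all=pwd.getpwall, lookup=pwd.getpwnam):
    """Compare three views of one account (hypothetical helper).

    enumerate_all: the getpwent() walk that `getent passwd` performs.
    lookup:        the getpwnam() call that a lookup by name performs.
    """
    in_file = user in local
    in_enum = any(entry.pw_name == user for entry in enumerate_all())
    try:
        lookup(user)
        by_key = True
    except KeyError:
        by_key = False

    if by_key and in_file:
        verdict = "local account"
    elif by_key:
        verdict = "resolved through NSS (non-file source)"
    elif in_enum:
        verdict = "enumerated but keyed lookup fails"
    else:
        verdict = "unknown to NSS"
    return {"file": in_file, "enumerated": in_enum,
            "keyed": by_key, "verdict": verdict}


if __name__ == "__main__":
    local = local_names()
    for name in sys.argv[1:] or ["root"]:
        print(name, classify(name, local))
```

Run it on the affected host with the account names as arguments; a verdict of "enumerated but keyed lookup fails" matches the symptom described above and points at the by-name lookup path rather than at /etc/passwd.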