우분투에 LDAP와 nsswitch를 설정했는데 어느 정도 작동하는 것 같습니다. 예를 들어 getent passwdLDAP 서버의 계정을 나열합니다./etc/passwd
그러나 예를 들어 LDAP 서버의 계정은 인식되지 않는 것 같습니다 id <user>. 이 프로그램은 nsswitch 설정 sudo -u <user> bash만 고려합니까 ? 내가 알아야 할 /etc/passwd프로그램만 조사하는 다른 (중요한) 프로그램이 있나요 ?/etc/passwd
내 /etc/nsswitch.conf것은:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files ldap mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
하지만 LDAP에서 계정을 인식하는 것 같으니 문제는 getent아닌 것 같습니다 .nsswitch
구성 에 관해서는 pam, 무엇을 찾아야 할지 잘 모르겠습니다. 제 눈에는 괜찮아 보입니다. grep "^[^#]" *주어진
accountsservice:password substack common-password
accountsservice:password optional pam_pin.so
chfn:auth sufficient pam_rootok.so
chfn:@include common-auth
chfn:@include common-account
chfn:@include common-session
chpasswd:@include common-password
chsh:auth required pam_shells.so
chsh:auth sufficient pam_rootok.so
chsh:@include common-auth
chsh:@include common-account
chsh:@include common-session
common-account:account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
common-account:account [success=1 default=ignore] pam_ldap.so
common-account:account requisite pam_deny.so
common-account:account required pam_permit.so
common-auth:auth [success=2 default=ignore] pam_unix.so nullok_secure
common-auth:auth [success=1 default=ignore] pam_ldap.so use_first_pass
common-auth:auth requisite pam_deny.so
common-auth:auth required pam_permit.so
common-password:password [success=2 default=ignore] pam_unix.so obscure sha512
common-password:password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
common-password:password requisite pam_deny.so
common-password:password required pam_permit.so
common-session:session [default=1] pam_permit.so
common-session:session requisite pam_deny.so
common-session:session required pam_permit.so
common-session:session optional pam_umask.so
common-session:session required pam_unix.so
common-session:session optional pam_ldap.so
common-session:session optional pam_systemd.so
common-session-noninteractive:session [default=1] pam_permit.so
common-session-noninteractive:session requisite pam_deny.so
common-session-noninteractive:session required pam_permit.so
common-session-noninteractive:session optional pam_umask.so
common-session-noninteractive:session required pam_unix.so
common-session-noninteractive:session optional pam_ldap.so
cron:@include common-auth
cron:session required pam_loginuid.so
cron:session required pam_env.so
cron:session required pam_env.so envfile=/etc/default/locale
cron:@include common-account
cron:@include common-session-noninteractive
cron:session required pam_limits.so
login:auth optional pam_faildelay.so delay=3000000
login:auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
login:auth requisite pam_nologin.so
login:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
login:session required pam_env.so readenv=1
login:session required pam_env.so readenv=1 envfile=/etc/default/locale
login:@include common-auth
login:auth optional pam_group.so
login:session required pam_limits.so
login:session optional pam_lastlog.so
login:session optional pam_motd.so motd=/run/motd.dynamic noupdate
login:session optional pam_motd.so
login:session optional pam_mail.so standard
login:@include common-account
login:@include common-session
login:@include common-password
login:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
newusers:@include common-password
other:@include common-auth
other:@include common-account
other:@include common-password
other:@include common-session
passwd:@include common-password
polkit-1:@include common-auth
polkit-1:@include common-account
polkit-1:@include common-password
polkit-1:session required pam_env.so readenv=1 user_readenv=0
polkit-1:session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
polkit-1:@include common-session
ppp:auth required pam_nologin.so
ppp:@include common-auth
ppp:@include common-account
ppp:@include common-session
runuser:auth sufficient pam_rootok.so
runuser:session optional pam_keyinit.so revoke
runuser:session required pam_limits.so
runuser:session required pam_unix.so
runuser-l:auth include runuser
runuser-l:session optional pam_keyinit.so force revoke
runuser-l:-session optional pam_systemd.so
runuser-l:session include runuser
sshd:@include common-auth
sshd:account required pam_nologin.so
sshd:@include common-account
sshd:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
sshd:session required pam_loginuid.so
sshd:session optional pam_keyinit.so force revoke
sshd:@include common-session
sshd:session optional pam_motd.so motd=/run/motd.dynamic
sshd:session optional pam_motd.so noupdate
sshd:session optional pam_mail.so standard noenv # [1]
sshd:session required pam_limits.so
sshd:session required pam_env.so # [1]
sshd:session required pam_env.so user_readenv=1 envfile=/etc/default/locale
sshd:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
sshd:@include common-password
su:auth sufficient pam_rootok.so
su:session required pam_env.so readenv=1
su:session required pam_env.so readenv=1 envfile=/etc/default/locale
su:session optional pam_mail.so nopen
su:@include common-auth
su:@include common-account
su:@include common-session
sudo:session required pam_env.so readenv=1 user_readenv=0
sudo:session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
sudo:@include common-auth
sudo:@include common-account
sudo:@include common-session-noninteractive
systemd-user:@include common-account
systemd-user:@include common-session-noninteractive
systemd-user:session optional pam_systemd.so