Over the summer I helped an undergraduate student setup an LDAP server in the lab, we had clients authenticating against it. There were two issues with the server. He didn't have SSH authentication working, and user directories weren't being created when LDAP users logged in. Not knowing what he had done exactly, I thought a fresh start was in order. I reinstalled the LDAP server's OS, reconfigured the LDAP server, and configured the client to authenticate against it. It all worked, and then I rebooted and it didn't work.
After much head-scratching I have tracked down the problem. SuSE 9.1 overwrites the /etc/nsswitch.conf file when it reboots. It replaces the "passwd files ldap" entry with "passwd compat", and "group files ldap" with "group compat". That would be fine if user authentication actually worked when these entries are set to
compat but they don't - at least not for me.
Out of disgust, I've been browsing around for a new flavor of Linux. I love SuSE, it's ease of use is amazing. Setting up Samba shares, and NFS shares are the easiest of any distribution I've ever tried. Creating posixAccount users in the LDAP directory works flawlessly. However, there are about two dozen machines in the lab which I need to authenticate against the LDAP directory, and I don't want to fit SuSE to make it work. LDAP is the solution, now I just need a distro where it works without issues. Perhaps, I'll run the LDAP server off one SuSE machine and change the client distribution to something like Debian or MEPIS.
SuSE 9.1 + LDAP authentication issues.
