jef
07-24-2004, 10:06 PM
I'm working on enabling nss_ldap for some new Linux systems we are
installing. A few of them are going to be replacements for Solaris systems
that currently use NIS.

When enabling ldap in nsswitch.conf, I lose DNS lookups for hosts, as
explained by the comments in the supplied nsswitch.conf supplied by the
Debian package:

# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# consult DNS first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts: dns ldap

So, no problem I think - except that I cannot find a good example of what
the /etc/netconfig file should look like in Linux. I have tons of Solaris
examples around, but copying their syntax does not work (I didn't expect
that it would, but I tried anyhow).

My question is, what can I do to get these systems talking to DNS for
hosts? As I mentioned, I am using the Debian packages for all of this. It
is possible that they have compiled things to break this. I don't have a
problem building from source, but do not want to do so if I'm just missing
something simple here. (As an aside, communication between the system and
the LDAP server works, as I can ssh auth against LDAP just fine.)

Thanks - and let me know if I can supply any more information.
jef
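
An added example, not part of the original post: a small check for the ordering hazard that the quoted nsswitch.conf comment describes (ldap consulted for hosts before anything that can resolve the LDAP server's own name). The function names and the server name ldap.example.com are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: the active (non-comment) lines quoted in the post.
POSTED = "passwd: files ldap\ngroup: files ldap\nhosts: dns ldap\n"

def parse_nsswitch(text):
    """Map each database to its ordered source list.
    Comments and [STATUS=action] items are dropped."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)
        databases[name.strip()] = sources.split()
    return databases

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_hosts_order(text, ldap_server):
    """Return a list of findings for the hosts: line.
    ldap_server is the host part of the LDAP server setting, passed in by
    the caller (hypothetical parameter; this code reads no LDAP config)."""
    sources = parse_nsswitch(text).get("hosts", [])
    findings = []
    if "ldap" not in sources:
        return findings
    before_ldap = sources[:sources.index("ldap")]
    # "files" only helps if the LDAP server has an /etc/hosts entry.
    if not is_ip_literal(ldap_server) and not {"files", "dns"} & set(before_ldap):
        findings.append("recursion: ldap is consulted before anything "
                        "that can resolve " + ldap_server)
    if "dns" not in sources:
        findings.append("no dns source: names outside files/ldap will not resolve")
    return findings

if __name__ == "__main__":
    for sample in (POSTED, "hosts: ldap dns\n", "hosts: files ldap\n"):
        print(repr(sample), "->", check_hosts_order(sample, "ldap.example.com") or "ok")
```

The posted `hosts: dns ldap` line passes; reversing the order is flagged unless the LDAP server is given as an IP address.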