LDAP issues on 5.21
Sean Noonan
noonans at get1free.com
Thu Aug 5 13:21:40 PDT 2004
Hi,
I've got a server running 5.21. Last build/install world was about 6 weeks
ago. Last 'portupgrade -a -R -r' was yesterday.
I've been struggling to get Samba 3.05 installed and playing nicely via LDAP.
I think I've finally managed to get everything working properly as far as
Samba is concerned, however I have one problem and one question.
My problem is that users who *only* exist in the LDAP database can't seem to
SSH into the box. Also, not only must users exist in /etc/passwd to
successfully SSH into the box but the order in which "files" and "ldap" are
listed in /etc/nsswitch.conf makes a difference, too. "Files" must be
placed before "ldap" in /etc/nsswitch.conf for users to successfully SSH
into the box. I don't understand why this is since the test account in
question has the same information in both LDAP and /etc/passwd (and the same
password, etc).
Other services such as POP3 and SMTP work just fine with users only in LDAP.
I suspect it's my /etc/pam.d/sshd configuration. That file looks like this:
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
# auth
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass debug
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_login_access.so
account required pam_unix.so
# session
session required pam_permit.so
# password
password required pam_unix.so no_warn try_first_pass
Does anyone see anything in this file that would cause the behavior I'm
experiencing?
Lastly, my final general question is about FreeBSD's implementation of
/etc/nsswitch.conf. I don't see support for shadow passwords. Should a
FreeBSD box's /etc/nsswitch.conf file make any type of reference to shadow
passwords?
TIA,
--Sean.