LDAP issues on 5.21

Sean Noonan noonans at get1free.com
Thu Aug 5 13:21:40 PDT 2004 

Hi,

I've got a server running 5.21.  Last build/install world was about 6 weeks
ago.  Last 'portupgrade -a -R -r' was yesterday.

I'm been struggling to get Samba 3.05 installed and playing nicely via LDAP.
I think I've finally managed to get everything working properly as far as
Samba is concerned, however I have one problem and one question.

My problem is that users who *only* exist in the LDAP database can't seem to
SSH into the box.  Also, not only must users exist in /etc/passwd to
successfully SSH into the box but the order in while "files" and "ldap" are
listed in /etc/nsswitch.conf makes a difference, too.  "Files" must be
placed before "ldap" in /etc/nsswitch.conf for users to successfully SSH
into the box.  I don't understand why this is since the test account in
question has the same information in both LDAP and /etc/passwd (and the same
password, etc).

Other services such as POP3 and SMTP work just fine with users only in LDAP.

I suspect it's my /etc/pam.d/sshd configuration.  That file looks like this:

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn
try_first_pass  debug
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn
no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            required        pam_unix.so             no_warn
try_first_pass

# account
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         required        pam_permit.so

# password
password        required        pam_unix.so             no_warn
try_first_pass

Does anyone see anything in this file that would cause the behavior I'm
experiencing?

Lastly, my final general question is about FreeBSD's implementation of
/etc/nsswitch.conf.  I don't see support for shadow passwords.  Should a
FreeBSD box's /etc/nsswitch.conf file make any type of reference to shadow
passwords?

TIA,

--Sean.

More information about the freebsd-questions mailing list