Date:      Wed, 15 Apr 2009 10:33:25 +0200 (CEST)
From:      Konrad Heuer <kheuer2@gwdg.de>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-hackers@freebsd.org
Subject:   Problem: FreeBSD 7.x && ssh v2 && nss_ldap
Message-ID:  <20090415102209.T34961@gwdu60.gwdg.de>

I see a problem on two systems running FreeBSD 7.0 or 7.1 which are 
configured as OpenLDAP clients using the nss_ldap module.

When someone logs on using ssh protocol version 2 the session will not be 
initialized correctly. The user will only get his primary group 
affiliation but no affiliation to other groups (memberUid attribute in 
LDAP group entries).

On 7.1 the ssh login process hangs forever with open ldap queries, on 7.0 
the group list is incomplete. On several 6.x systems, all works correctly.
I have used the configuration for years now.

There are some workarounds I found:

a) use ssh protocol version 1
b) set UseLogin to yes in sshd_config
c) avoid ssl encryption in communication to ldap server
    (ldap://... uri instead of ldaps://... in ldap.conf)

Does anybody see similar problems? Does anybody have an idea what may 
cause the problem?

Best regards

Konrad Heuer
GWDG, Am Fassberg, 37077 Goettingen, Germany, kheuer2@gwdg.de
