From owner-freebsd-questions Mon Sep 17 22:03:52 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from creme-brulee.marcuscom.com (rdu57-28-046.nc.rr.com [66.57.28.46]) by hub.freebsd.org (Postfix) with ESMTP id 3E3D037B408 for ; Mon, 17 Sep 2001 22:03:46 -0700 (PDT)
Received: from shumai.marcuscom.com (shumai.marcuscom.com [192.168.1.4]) by creme-brulee.marcuscom.com (8.11.3/8.11.3) with ESMTP id f8I521510946; Tue, 18 Sep 2001 01:02:01 -0400 (EDT) (envelope-from marcus@marcuscom.com)
Received: from localhost (marcus@localhost) by shumai.marcuscom.com (8.11.3/8.11.3) with ESMTP id f8I542v75114; Tue, 18 Sep 2001 01:04:03 -0400 (EDT) (envelope-from marcus@marcuscom.com)
X-Authentication-Warning: shumai.marcuscom.com: marcus owned process doing -bs
Date: Tue, 18 Sep 2001 01:04:02 -0400 (EDT)
From: Joe Clarke
To: Bill Moran
Cc:
Subject: Re: pam_ldap and FreeBSD 4.3
In-Reply-To: <01091719042702.00330@proxy.the-i-pa.com>
Message-ID: <20010918010209.T75069-100000@shumai.marcuscom.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

I have it working as I did the port.  pam_ldap only handles _authentication_.  You still need to have the user configured locally on the machine; they just don't need a password.  The nss code would be the way to do authorization as well (i.e. have LDAP handle passwd file lookups using the RFC2307 schema).

So, if you have a user marcus in LDAP, you need to have a local passwd entry for the user marcus with everything but the password.  pam_ldap just lets you consolidate passwords in one place.

Joe

On Mon, 17 Sep 2001, Bill Moran wrote:

> Does anyone have pam_ldap working on FreeBSD?
> I'm trying to get it going with FreeBSD 4.3-RELEASE. Apparently, the fact
> that nss_ldap doesn't work on FreeBSD yet is causing the failure.
> For example:
>
> If I put an account on the ldap server:
> username = test
> password = word1
> uid = 1000
>
> I cannot log in. No ldap errors, just rejected login, however, if I also create
> a local user in /etc/password:
> username = test
> password = completelydifferent
> uid = 1000
>
> I can now log in as "test" using the password "word1". Apparently, pam_ldap
> is working, but FreeBSD won't let the login complete unless it can convert the
> uid back to a name.
> Is there a workaround for this? Or do I need to fall back on NIS and use that?
> It really seems like a shame not to be able to use this. Is someone working on
> getting nss working that I could help out?
>
> --
> Bill Moran
> Potential Technology technical services
> (412) 793-4257
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
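The arrangement Joe describes (pam_ldap doing authentication, but every LDAP user still needing a local passwd entry because there is no nss_ldap on FreeBSD 4.3 to resolve names and uids) can be scripted. The following is an added example and is not code from either message in the thread or from the pam_ldap port. It takes a constructed RFC 2307 posixAccount record (the LDIF, the uid "test" and the 1000/1000 ids are sample data) and emits the matching master.passwd(5) line with the password field set to "*", so no local password can ever match and only pam_ldap can let the user in. The pw(8) invocation in the comments is the way such a stub would normally be created on the real host.

```shell
#!/bin/sh
# Added example (not from the original thread): derive the local account stub
# that pam_ldap-only authentication on FreeBSD 4.x needs.  Without nss_ldap,
# getpwnam()/getpwuid() consult only the local passwd database, so every LDAP
# user still needs a local entry.  The password field is set to "*", which is
# not a valid crypt(3) hash, so local password checks always fail and the
# password is verified only by pam_ldap against the directory.

# Constructed sample record (RFC 2307 posixAccount); not real directory data.
SAMPLE_LDIF='dn: uid=test,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: account
uid: test
cn: Test User
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test
loginShell: /bin/sh
userPassword: {SSHA}constructedhashgoeshere'

# Print the value of one LDIF attribute (first occurrence, name matched
# case-insensitively, as LDAP attribute names are).
ldif_attr() {
    # $1 = LDIF text, $2 = attribute name
    printf '%s\n' "$1" | awk -v name="$2" '
        BEGIN { lname = tolower(name) }
        {
            n = index($0, ":"); if (n == 0) next
            a = tolower(substr($0, 1, n - 1))
            if (a == lname) { v = substr($0, n + 1); sub(/^ +/, "", v); print v; exit }
        }'
}

# Build a master.passwd(5) line from the LDIF record.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home:shell
ldif_to_master_passwd() {
    _name=$(ldif_attr "$1" uid)
    _uid=$(ldif_attr "$1" uidNumber)
    _gid=$(ldif_attr "$1" gidNumber)
    _gecos=$(ldif_attr "$1" cn)
    _home=$(ldif_attr "$1" homeDirectory)
    _shell=$(ldif_attr "$1" loginShell)
    # Refuse to emit an entry if the mandatory posixAccount attributes are missing;
    # a stub with an empty name or uid would be worse than no stub at all.
    [ -n "$_name" ] && [ -n "$_uid" ] && [ -n "$_gid" ] || return 1
    # "*" locks the local password; the LDAP userPassword is deliberately never copied.
    printf '%s:*:%s:%s::0:0:%s:%s:%s\n' \
        "$_name" "$_uid" "$_gid" "$_gecos" \
        "${_home:-/nonexistent}" "${_shell:-/sbin/nologin}"
}

# Show the stub that would be added.  On the real FreeBSD host the entry would
# be created with pw(8) rather than by editing master.passwd by hand, e.g.:
#   pw useradd test -u 1000 -g 1000 -c 'Test User' -d /home/test -s /bin/sh -w no
# where "-w no" disables the local password, matching the "*" field above.
ldif_to_master_passwd "$SAMPLE_LDIF"
```

The point of keeping the uid/gid in the stub identical to uidNumber/gidNumber in LDAP is the one Bill ran into: login succeeds only once the uid pam_ldap authenticated can be mapped back to a name locally, and a mismatch would hand the user a different identity than the directory says they have.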