From: Benedict Reuschling
Date: Sat, 25 Jul 2015 16:21:54 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r47080 - head/en_US.ISO8859-1/articles/ldap-auth

Author: bcr
Date: Sat Jul 25 16:21:53 2015
New Revision: 47080
URL: https://svnweb.freebsd.org/changeset/doc/47080

Log:
  The LDAP client configuration part now contains help for users that
  can not log in because of a missing shell. When shells like bash are
  on different paths (/bin/bash vs. /usr/local/bin/bash), entries need
  to be created in /etc/shells and proper symlinks set to make this work.

  Reviewed by: wblock
  Approved by: wblock
  Committed at: Essen FreeBSD Hackathon
  Differential Revision: https://reviews.freebsd.org/D3194

Modified:
  head/en_US.ISO8859-1/articles/ldap-auth/article.xml

Modified: head/en_US.ISO8859-1/articles/ldap-auth/article.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/ldap-auth/article.xml Sat Jul 25 14:15:54 2015 (r47079)
+++ head/en_US.ISO8859-1/articles/ldap-auth/article.xml Sat Jul 25 16:21:53 2015 (r47080)
@@ -448,6 +448,34 @@ cn: tuser correctly, then it will allow access. Otherwise it will fail. + Users whose shell is not in + /etc/shells will not be able to log in. + This is particularly important when + Bash is set as the user shell on + the LDAP server. Bash is not + included with a default installation of &os;. When installed + from a package or port, it is located at + /usr/local/bin/bash. Verify that the + path to the shell on the server is set correctly: + + &prompt.user; getent passwd username + + There are two choices when the output shows + /bin/bash in the last column. The first is + to change the user's entry on the LDAP server to + /usr/local/bin/bash. The second option + is to create a symlink on the LDAP client computer so + Bash is found at the correct + location: + + &prompt.root; ln -s /usr/local/bin/bash /bin/bash + + Make sure that /etc/shells contains + entries for both /usr/local/bin/bash and + /bin/bash. The user will then be able to + log in to the system with Bash as + their shell. + PAM
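
Review bot: In the paragraph that offers the two choices, neither option tells the reader to install Bash on the LDAP client first. The added text itself says Bash is not part of a default installation, so "ln -s /usr/local/bin/bash /bin/bash" can produce a dangling link and the login still fails. Suggest adding an explicit step to install the shell on the client before either option. The closing paragraph also asks for both /usr/local/bin/bash and /bin/bash in /etc/shells regardless of which option was taken; consider rewording it so the /bin/bash entry is required only with the symlink option, since after the first option the user's shell is /usr/local/bin/bash and that is the only path that has to be listed. A short command for checking /etc/shells, placed next to the "getent passwd username" example, would let the reader confirm the result before testing a login.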