From: "Sean Noonan" (Get 1 Free Magazine)
To: freebsd-questions@freebsd.org
Date: Thu, 5 Aug 2004 13:21:38 -0700
Subject: LDAP issues on 5.21

Hi,

I've got a server running 5.21. Last build/install world was about 6 weeks ago. Last 'portupgrade -a -R -r' was yesterday.

I've been struggling to get Samba 3.05 installed and playing nicely via LDAP. I think I've finally managed to get everything working properly as far as Samba is concerned, however I have one problem and one question.

My problem is that users who *only* exist in the LDAP database can't seem to SSH into the box.
Also, not only must users exist in /etc/passwd to successfully SSH into the box, but the order in which "files" and "ldap" are listed in /etc/nsswitch.conf makes a difference, too. "Files" must be placed before "ldap" in /etc/nsswitch.conf for users to successfully SSH into the box. I don't understand why this is, since the test account in question has the same information in both LDAP and /etc/passwd (and the same password, etc).

Other services such as POP3 and SMTP work just fine with users only in LDAP.

I suspect it's my /etc/pam.d/sshd configuration. That file looks like this:

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth        sufficient    /usr/local/lib/pam_ldap.so    no_warn try_first_pass debug
auth        required      pam_nologin.so                no_warn
auth        sufficient    pam_opie.so                   no_warn no_fake_prompts
auth        requisite     pam_opieaccess.so             no_warn allow_local
auth        required      pam_unix.so                   no_warn try_first_pass

# account
account     required      pam_login_access.so
account     required      pam_unix.so

# session
session     required      pam_permit.so

# password
password    required      pam_unix.so                   no_warn try_first_pass

Does anyone see anything in this file that would cause the behavior I'm experiencing?

Lastly, my final general question is about FreeBSD's implementation of /etc/nsswitch.conf. I don't see support for shadow passwords. Should a FreeBSD box's /etc/nsswitch.conf file make any type of reference to shadow passwords?

TIA,
--Sean.
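The two things this message turns on, the "passwd:" source order in /etc/nsswitch.conf and whether an LDAP-only account resolves through NSS at all, can be checked directly rather than inferred from ssh failures. sshd looks the user up with getpwnam(3) before the "auth" stack in /etc/pam.d/sshd is consulted, so if that lookup does not return an entry the PAM configuration never gets a chance to accept the login, no matter how pam_ldap is ordered. On the last question: FreeBSD's nsswitch.conf has no "shadow" database; encrypted passwords are returned through the "passwd" database (read from /etc/master.passwd for privileged callers), so there is no shadow line to add. The program below is an added example, not code from the original message or from FreeBSD, Samba or pam_ldap; it parses a constructed nsswitch.conf sample (or a real file given as the second argument) to report the passwd lookup order, then runs the same getpwnam() call sshd does for the user named in the first argument. The file name nsscheck.c and the sample config text are assumptions.

```c
/*
 * nsscheck.c (file name is an assumption): added example, not code from the
 * original post. Checks the two lookups that decide whether an LDAP-only
 * account can log in over SSH on FreeBSD:
 *   1. passwd_source_index(): position of a source on the "passwd:" line
 *      of an nsswitch.conf text (is "files" or "ldap" consulted first?).
 *   2. nss_user_exists() / nss_user_uid(): getpwnam(3), the lookup sshd
 *      performs before the PAM "auth" stack is consulted.
 * Build: cc -o nsscheck nsscheck.c    Run: ./nsscheck <user> [nsswitch.conf]
 */
#include <sys/types.h>
#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* 0-based position of `source` on the "passwd:" line of `conf`, or -1 if
 * there is no passwd line or the source is not listed. Comment lines are
 * skipped; [status=action] clauses are not counted as sources. */
int passwd_source_index(const char *conf, const char *source)
{
    const char *line = conf;

    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t full = eol ? (size_t)(eol - line) : strlen(line);
        size_t len = full < 511 ? full : 511;   /* buf holds one line */
        char buf[512];
        char *p, *tok;
        int idx = 0;

        memcpy(buf, line, len);
        buf[len] = '\0';
        line = eol ? eol + 1 : line + full;

        for (p = buf; isspace((unsigned char)*p); p++)
            ;
        if (*p == '#' || strncmp(p, "passwd:", 7) != 0)
            continue;                           /* comment or other database */
        p += 7;

        for (tok = strtok(p, " \t\r"); tok != NULL; tok = strtok(NULL, " \t\r")) {
            if (tok[0] == '#')                  /* trailing comment */
                break;
            if (strpbrk(tok, "[]=") != NULL)    /* e.g. [notfound=return] */
                continue;
            if (strcmp(tok, source) == 0)
                return idx;
            idx++;
        }
        return -1;          /* passwd line present, source not on it */
    }
    return -1;              /* no passwd line at all */
}

/* The getpwnam(3) lookup sshd performs. 1 if NSS resolves the name through
 * the configured sources, 0 if it does not. */
int nss_user_exists(const char *name)
{
    return getpwnam(name) != NULL;
}

/* uid of `name` as seen through NSS, or -1 if the name does not resolve. */
long nss_user_uid(const char *name)
{
    struct passwd *pw = getpwnam(name);
    return pw != NULL ? (long)pw->pw_uid : -1;
}

/* Constructed sample in the shape the post describes: "files" before "ldap". */
static const char sample_conf[] =
    "# constructed nsswitch.conf sample, not a real system file\n"
    "group:  files ldap\n"
    "passwd: files ldap\n"
    "hosts:  files dns\n";

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    static char filebuf[8192];
    const char *conf = sample_conf;
    struct passwd *pw;

    if (argc > 2) {                 /* optional: use a real nsswitch.conf */
        FILE *fp = fopen(argv[2], "r");
        if (fp == NULL) {
            perror(argv[2]);
            return 1;
        }
        size_t n = fread(filebuf, 1, sizeof filebuf - 1, fp);
        filebuf[n] = '\0';
        fclose(fp);
        conf = filebuf;
    }

    printf("passwd lookup order: files=%d ldap=%d (-1 = not listed)\n",
           passwd_source_index(conf, "files"), passwd_source_index(conf, "ldap"));

    if (!nss_user_exists(user)) {
        printf("%s does not resolve through NSS; sshd will deny the login "
               "whatever /etc/pam.d/sshd says\n", user);
        return 2;
    }
    pw = getpwnam(user);
    printf("%s resolves: uid=%ld gid=%ld home=%s shell=%s\n", user,
           (long)pw->pw_uid, (long)pw->pw_gid, pw->pw_dir, pw->pw_shell);
    return 0;
}
```

Run it as the unprivileged test user and again as root against the real /etc/nsswitch.conf: if the LDAP-only account prints "does not resolve" while a /etc/passwd account resolves, the problem is in the NSS side (nss_ldap, its nss_base_passwd setting, or the passwd: line), not in the PAM stack, and reordering /etc/pam.d/sshd will not change the outcome. Use "ssh -v" alongside it to confirm the server is rejecting the user before it ever asks for a password.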