Date:      Thu, 5 Aug 2004 13:21:38 -0700
From:      "Sean Noonan" <noonans@get1free.com>
To:        <freebsd-questions@freebsd.org>
Subject:   LDAP issues on 5.21
Message-ID:  <011401c47b29$d0c05e00$fa07a8c0@amen>

Hi,

I've got a server running 5.21.  Last build/install world was about 6 weeks
ago.  Last 'portupgrade -a -R -r' was yesterday.

I've been struggling to get Samba 3.05 installed and playing nicely via LDAP.
I think I've finally managed to get everything working properly as far as
Samba is concerned, however I have one problem and one question.

My problem is that users who *only* exist in the LDAP database can't seem to
SSH into the box.  Also, not only must users exist in /etc/passwd to
successfully SSH into the box but the order in which "files" and "ldap" are
listed in /etc/nsswitch.conf makes a difference, too.  "Files" must be
placed before "ldap" in /etc/nsswitch.conf for users to successfully SSH
into the box.  I don't understand why this is since the test account in
question has the same information in both LDAP and /etc/passwd (and the same
password, etc).

Other services such as POP3 and SMTP work just fine with users only in LDAP.

I suspect it's my /etc/pam.d/sshd configuration.  That file looks like this:

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass  debug
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         required        pam_permit.so

# password
password        required        pam_unix.so             no_warn try_first_pass

Does anyone see anything in this file that would cause the behavior I'm
experiencing?

Lastly, my final general question is about FreeBSD's implementation of
/etc/nsswitch.conf.  I don't see support for shadow passwords.  Should a
FreeBSD box's /etc/nsswitch.conf file make any type of reference to shadow
passwords?

TIA,

--Sean.
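
An added example, not from the original post or from FreeBSD itself: a small Python model of how OpenPAM walks the auth and account stacks quoted above, so you can see which modules get consulted and what each stack decides for a user who exists only in LDAP, for the same user when pam_ldap cannot answer, and for a user who exists only in /etc/passwd. The per-module results are constructed scenarios, not real PAM calls, and the model covers only the four standard control flags.

```python
"""Model of how OpenPAM (FreeBSD's PAM) walks a module stack.

'sufficient' ends the stack with success unless an earlier 'required'
module failed; 'requisite' ends it with failure at once; 'required'
records the failure but keeps walking; 'optional' results are ignored.
"""

# The auth and account stacks from the /etc/pam.d/sshd quoted above,
# reduced to (control flag, module) pairs.
SSHD_AUTH = [
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_nologin.so"),
    ("sufficient", "pam_opie.so"),
    ("requisite", "pam_opieaccess.so"),
    ("required", "pam_unix.so"),
]
SSHD_ACCOUNT = [
    ("required", "pam_login_access.so"),
    ("required", "pam_unix.so"),
]


def run_stack(stack, results):
    """Walk a stack; 'results' maps module -> True (PAM_SUCCESS) or False.

    Returns (stack_outcome, modules_consulted). A module absent from
    'results' counts as failing, i.e. it had nothing to say about the
    user (no OPIE key, no /etc/passwd entry, LDAP server unreachable).
    """
    required_failed = False
    consulted = []
    for control, module in stack:
        consulted.append(module)
        ok = results.get(module, False)
        if control == "sufficient" and ok and not required_failed:
            return True, consulted      # short-circuit: success
        if control == "requisite" and not ok:
            return False, consulted     # short-circuit: failure
        if control == "required" and not ok:
            required_failed = True      # remembered, keep walking
    return not required_failed, consulted


# Constructed scenarios (hypothetical per-module results, not real PAM calls).
LDAP_ONLY = {"pam_ldap.so": True, "pam_nologin.so": True, "pam_opieaccess.so": True}
LDAP_ONLY_LDAP_DOWN = {"pam_nologin.so": True, "pam_opieaccess.so": True}
FILES_ONLY = {"pam_nologin.so": True, "pam_opieaccess.so": True, "pam_unix.so": True}
```

The model covers the PAM stack only; whether getpwnam() finds an LDAP-only user at all is decided by /etc/nsswitch.conf, which the stack never sees.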
