Date: Tue, 25 Jan 2005 23:43:21 +0100 (CET)
From: "Serge Kestens" <serge.kestens@ecx.be>
To: freebsd-questions@freebsd.org
Subject: nss_ldap errors
Message-ID: <3654.62.166.141.107.1106693001.squirrel@62.166.141.107>

Hi,

I'm trying to use pam_ldap and nss_ldap on a FreeBSD 5.3 box. This is my first try to use LDAP for sshd logins.

When the user exists in the files I can connect without problem. I created the same user in LDAP with a different password and I can log in with both passwords (files and ldap).

If the user exists only in LDAP, it doesn't work. I receive the following error in debug.log:

Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Jan 25 22:19:30 vmldap sshd[609]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found

Can somebody have a look at what I'm doing wrong? If you need extra info, don't hesitate to contact me.

Any help will be appreciated.

Thanks in advance,
Serge

uname -a:
vmldap.ecss.be 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #0: Tue Dec 21 21:45:18 CET 2004 serge@vmldap.ecss.be:/usr/obj/usr/src/sys/ECXKERNEL i386

##nsswitch.conf
vmldap# cat /etc/nsswitch.conf
passwd: files [NOTFOUND=continue] ldap
group: files [NOTFOUND=continue] ldap
hosts: files dns
networks: files
shells: files

##nss_ldap.conf and ldap.conf
vmldap# cat /usr/local/etc/nss_ldap.conf
host 127.0.0.1
base dc=ecss,dc=be
scope sub
port 389
pam_password md5
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
nss_base_passwd ou=people,dc=ecss,dc=be?one
nss_base_group ou=groups,dc=ecss,dc=be?one
nss_base_shadow ou=people,dc=ecss,dc=be?one
#debug testing
logdir /var/log
debug 9

vmldap# cat /etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
auth sufficient /usr/local/lib/pam_ldap.so debug try_first_pass

# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass

# account
#account required pam_krb5.so
account required pam_login_access.so
account sufficient pam_ldap.so debug
account required pam_unix.so

# session
#session optional pam_ssh.so
session required pam_permit.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient pam_ldap.so debug
password required pam_unix.so no_warn try_first_pass