From owner-freebsd-questions@FreeBSD.ORG Tue Jan 25 22:44:50 2005
Message-ID: <3654.62.166.141.107.1106693001.squirrel@62.166.141.107>
Date: Tue, 25 Jan 2005 23:43:21 +0100 (CET)
From: "Serge Kestens"
To: freebsd-questions@freebsd.org
Reply-To: serge.kestens@ecx.be
Subject: nss_ldap errors

Hi,

I'm trying to use pam_ldap and nss_ldap on a FreeBSD 5.3 box. This is my first try at using LDAP for sshd logins. When the user exists in the files I can connect without problem. I created the same user in LDAP with a different password and I can log in with both passwords (files and LDAP).

If the user exists only in LDAP, it doesn't work. I receive the following error in debug.log:

Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Jan 25 22:19:30 vmldap sshd[609]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found

Can somebody have a look at what I'm doing wrong? If you need extra info don't hesitate to contact me. Any help will be appreciated.

Thanks in advance,
Serge

uname -a:
vmldap.ecss.be 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #0: Tue Dec 21 21:45:18 CET 2004 serge@vmldap.ecss.be:/usr/obj/usr/src/sys/ECXKERNEL i386

##nsswitch.conf
vmldap# cat /etc/nsswitch.conf
passwd: files [NOTFOUND=continue] ldap
group: files [NOTFOUND=continue] ldap
hosts: files dns
networks: files
shells: files

##nss_ldap.conf and ldap.conf
vmldap# cat /usr/local/etc/nss_ldap.conf
host 127.0.0.1
base dc=ecss,dc=be
scope sub
port 389
pam_password md5
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
nss_base_passwd ou=people,dc=ecss,dc=be?one
nss_base_group ou=groups,dc=ecss,dc=be?one
nss_base_shadow ou=people,dc=ecss,dc=be?one
#debug testing
logdir /var/log
debug 9

vmldap# cat /etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
auth            sufficient      /usr/local/lib/pam_ldap.so      debug try_first_pass

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         sufficient      pam_ldap.so             debug
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        sufficient      pam_ldap.so             debug
password        required        pam_unix.so             no_warn try_first_pass
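
Added example, not part of the original message: a small Python model of how PAM control flags (as documented in pam.conf(5)) resolve the auth chain from the /etc/pam.d/sshd posted above, showing why an account present in both files and LDAP accepts either password. The per-module results are constructed inputs, and it is an assumption here that no nologin file exists and that the user has no OPIE keys.

```python
# Added illustration: models PAM control-flag evaluation
# (required / requisite / sufficient / optional). Module results are
# constructed inputs, not output captured from a real system.

# The "auth" chain from the posted /etc/pam.d/sshd, in file order.
AUTH_CHAIN = [
    ("sufficient", "pam_ldap"),
    ("required",   "pam_nologin"),
    ("sufficient", "pam_opie"),
    ("requisite",  "pam_opieaccess"),
    ("required",   "pam_unix"),
]

def evaluate(chain, results):
    """Return True if the chain grants access, given module -> bool results."""
    failed = False
    for flag, module in chain:
        if results[module]:
            # A successful "sufficient" module ends the chain at once,
            # unless an earlier "required" module has already failed.
            if flag == "sufficient" and not failed:
                return True
            continue
        if flag == "required":
            failed = True      # remember the failure, keep evaluating
        elif flag == "requisite":
            return False       # fail immediately, skip the rest
        # a failed "sufficient" or "optional" module is ignored
    return not failed

def login(ldap_ok, unix_ok):
    """Assumed: no nologin file, user has no OPIE keys (pam_opie fails)."""
    return evaluate(AUTH_CHAIN, {
        "pam_ldap": ldap_ok,
        "pam_nologin": True,
        "pam_opie": False,
        "pam_opieaccess": True,
        "pam_unix": unix_ok,
    })

if __name__ == "__main__":
    for ldap_ok in (True, False):
        for unix_ok in (True, False):
            verdict = "granted" if login(ldap_ok, unix_ok) else "denied"
            print(f"ldap password ok={ldap_ok!s:5}  "
                  f"local password ok={unix_ok!s:5}  -> {verdict}")
```

With this ordering, either password alone passes the auth chain, so an account defined in both sources carries two valid credentials until one of the entries is removed.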