From: "Brian A. Seklecki"
To: "O. Hartmann"
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?
Date: Fri, 28 Sep 2007 10:29:19 -0400
Message-Id: <1190989759.2994.26.camel@new-host>
In-Reply-To: <46FCDD68.6030901@zedat.fu-berlin.de>

FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS (PKI).

All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP, interactive shell, SFTP, etc.) can be tied into LDAP either directly or via PAM.

As for password change, I don't know if anyone has a passwd(1) binary that properly changes the LDAP password attribute -- if there is and it's out there, it requires ACL insanity.
Like Oracle, you can either understand OpenLDAP ACLs, or you have real work to do >:}

Check the nss_pam.conf and nss_ldap.conf configs in local/etc/* -- set to "debug 1" to get debugging info. Feel free to share error messages.

~BAS

On Fri, 2007-09-28 at 10:54 +0000, O. Hartmann wrote:
> Hello out there,
> I have a problem with setting up a FreeBSD box as OpenLDAP server with
> several services, like SAMBA, NFS.
>
> The intention is to have a FreeBSD 7.0 fileserver (NFS, SAMBA) also
> acting as OpenLDAP server. So far, OpenLDAP is up and running, using
> TLS/SSL certificate. SAMBA is also up and running - but it never
> connects to the OpenLDAP server due to a connection error, but this
> shouldn't be the subject here, I have more basic questions about what
> FreeBSD already has and what to install additionally.
>
> I want customers to log in on the FBSD box, so they should log in
> (authenticated via OpenLDAP), change their passwords and shells and
> those user specifics should be updated on the LDAP server.
>
> I already installed pam_ldap-port but ran into trouble because FreeBSD's
> nss obviously does not have a tag 'ldap' to refer to an OpenLDAP server
> (and not files).
> Well, I'm confused and not very firm with OpenLDAP/PAM/NSS stuff,
> especially if SSL/TLS comes into play and I would like to ask those
> herein administering those setups, especially within a hybrid NFS/SAMBA
> fileservicing environment, where to find up to date
> information/howtos/tips.
>
> Most websites and HowTo's I found were Linux related or, if related to
> FreeBSD, outdated.
>
> Sorry being so unspecific, but the problem is complex (to me) so I
> would better ask for those who are willing to help or give hints and tips.
>
> Thanks in advance and for your patience,
> Oliver
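
A check that follows from the advice in the reply above, as an added example that is not part of the original thread: a shell function that audits an nss_ldap.conf-style file for its TLS settings and for a `debug` level left enabled after troubleshooting. The option names are those of the nss_ldap/pam_ldap configuration format; the sample configuration, hostname and finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an nss_ldap.conf-style file (or stdin) for TLS and debug
# settings. Prints one finding per line; exit status 1 if anything was found.
audit_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "uri" {
            seen_uri = 1
            # every listed server must be ldaps:// (or a local ldapi:// socket)
            for (i = 2; i <= NF; i++)
                if (tolower($i) !~ /^ldap[si]:/) plain = 1
        }
        key == "ssl"            { ssl = val }
        key == "tls_checkpeer"  { peer = val }
        key == "tls_cacertfile" || key == "tls_cacertdir" { ca = 1 }
        key == "debug"          { dbg = val + 0 }
        END {
            n = 0
            if ((plain || !seen_uri) && ssl != "start_tls" && ssl != "on") {
                print "NO_TLS: plain LDAP without ssl start_tls/on"; n++
            }
            if (peer != "yes") { print "NO_PEER_CHECK: tls_checkpeer is not yes"; n++ }
            if (!ca) { print "NO_CA: no tls_cacertfile or tls_cacertdir set"; n++ }
            if (dbg > 0) { print "DEBUG_ON: debug " dbg " left enabled"; n++ }
            exit (n > 0)
        }
    ' "$@"
}

# Constructed sample: a config as it might look in the middle of troubleshooting.
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from the thread
uri ldap://ldap.example.org/
base dc=example,dc=org
ssl start_tls
tls_checkpeer no
debug 1
EOF
}

# Demo: audit the sample; a real run would pass the path to nss_ldap.conf.
sample_conf | audit_ldap_conf || true
```

Run it against the real file once logins work again, so that a `debug 1` added for troubleshooting or a relaxed peer check does not stay in place.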