Date: Thu, 03 Feb 2005 13:40:13 -0800
From: Totem <totem-lists@totem.is-a-geek.com>
To: freebsd-questions@freebsd.org
Subject: Re: nsswitch ldap lookup problems
Message-ID: <42029A3D.10405@totem.is-a-geek.com>
In-Reply-To: <4200A8ED.9030200@vsen.dk>
References: <4200A8ED.9030200@vsen.dk>

I am using the nss_ldap port on 5.3 (nss_ldap-1.204_5). My config file is located at "/usr/local/etc/nss_ldap.conf". Also this is in my "/etc/nsswitch.conf" file.

passwd: files ldap
group: files ldap
hosts: files dns
shadow: files

It is working for me. It looks like you might need to rename or link your ldap.conf and update your nsswitch.conf.

Note: I'm using this for Samba not Kerberos, YMMV.

Klavs Klavsen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi guys,
>
> I've gotten my kerberos and openldap up and running on FreeBSD 5.3 - and
> can login with my user (because he has been created in kerberos and pam
> looks in that), but nsswitch can't find the user in ldap for some reason.
>
> All help will be greatly appreciated
>
> When I login with ssh I get this in debug.log:
> Feb 2 11:06:06 auth01 sshd[771]: NSSWITCH(nss_method_lookup): ldap,
> passwd, endpwent, not found
> Feb 2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
> group, setgrent, not found
> Feb 2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
> group, getgrent_r, not found
> Feb 2 11:06:06 auth01 sshd[770]: NSSWITCH(nss_method_lookup): ldap,
> group, endgrent, not found
> Feb 2 11:06:09 auth01 slapd[604]: conn=2 fd=12 ACCEPT from
> IP=172.21.1.109:56828 (IP=0.0.0.0:636)
> Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=0 BIND dn="" method=128
> Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=0 RESULT tag=97 err=0 text=
> Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=1 SRCH
> base="ou=People,dc=vsen,dc=dk" scope=1 deref=0
> filter="(&(objectClass=posixAccount)(uid=ktk))"
> Feb 2 11:06:09 auth01 slapd[604]: conn=2 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Feb 2 11:06:09 auth01 slapd[604]: conn=2 fd=12 closed
> Feb 2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
> group, setgrent, not found
> Feb 2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
> group, getgrent_r, not found
> Feb 2 11:06:09 auth01 sshd[773]: NSSWITCH(nss_method_lookup): ldap,
> group, endgrent, not found
> Feb 2 11:06:09 auth01 sshd[774]: NSSWITCH(nss_method_lookup): ldap,
> passwd, endpwent, not found
>
> if I try to do an ldapsearch for the same:
> # ldapsearch "(&(objectClass=posixAccount)(uid=ktk))" -b
> "ou=People,dc=vsen,dc=dk" -Y gssapi
>
> It seems to work fine:
> [SNIP - cut SASL talk]
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (&(objectClass=posixAccount)(uid=ktk))
> # requesting: -b ou=People,dc=vsen,dc=dk -Y gssapi
> #
>
> # ktk, People, telmore.dk
> dn: uid=ktk,ou=People,dc=vsen,dc=dk
>
> # search result
> search: 5
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> my /usr/local/etc/ldap.conf (on freebsd 5.3) looks like this:
> BASE dc=vsen, dc=dk
> URI ldaps://auth.vsen.dk:636/
> TLS_REQCERT allow
>
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> scope sub
> port 389
> pam_password md5
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberUid
> nss_base_passwd ou=People,dc=vsen,dc=dk?one
> nss_base_group ou=Groups,dc=vsen,dc=dk?one
> nss_base_shadow ou=People,dc=vsen,dc=dk?one
> #debug testing
> logdir /var/log
> debug 9
>
>
> - --
> Regards,
> Klavs Klavsen, GSEC - kl@vsen.dk - http://www.vsen.dk
> PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62
>
> "Those who do not understand Unix are condemned to reinvent it, poorly."
> ~ --Henry Spencer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFCAKjtPToLeX4GPGIRAutdAJ4prd0S1dlM+kNcSAooZgNg6AV+hgCfW3pL
> YA9GXibYIkpgKkrxvPxL50c=
> =JwZO
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
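
The two things the reply says to check (an ldap source for passwd and group in nsswitch.conf, and a readable nss_ldap.conf) can be scripted as below. This is an added example, not part of the original message; the function names are hypothetical and the file paths are passed in by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the caller supplies the paths (the reply names /etc/nsswitch.conf and
# /usr/local/etc/nss_ldap.conf).

# uses_ldap FILE DB: succeed if DB (e.g. passwd) lists "ldap" as a source.
uses_ldap() {
    sed -e 's/#.*//' "$1" | awk -v db="$2" '
        { sub(/:/, ": ") }                      # tolerate "passwd:files"
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }'
}

# check_nss_ldap NSSWITCH_CONF NSS_LDAP_CONF
# Prints one line per finding; return status is the number of problems.
check_nss_ldap() {
    nsswitch=$1 conf=$2 problems=0
    for db in passwd group; do
        if ! uses_ldap "$nsswitch" "$db"; then
            echo "$nsswitch: '$db' has no ldap source"
            problems=$((problems + 1))
        fi
    done
    if [ ! -r "$conf" ]; then
        echo "$conf: missing or unreadable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against real files only when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_nss_ldap "$1" "$2"
fi
```

Saved as a script (any file name), it takes the nsswitch.conf path and the nss_ldap.conf path as its two arguments and exits 0 when both checks pass.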