From: Robert Fitzpatrick
To: Nathan Vidican
Cc: questions@freebsd.org
Subject: Re: nss_ldap on FreeBSD 5.3
Date: Mon, 21 Nov 2005 12:49:21 -0500
Organization: WebTent Networking, Inc.
Message-Id: <1132595361.19759.2.camel@felipa.webtent.org>
In-Reply-To: <4381EC70.8080408@wmptl.com>
References: <1132587368.21646.11.camel@columbus.webtent.org> <4381EC70.8080408@wmptl.com>

On Mon, 2005-11-21 at 10:49 -0500, Nathan Vidican wrote:
> Robert Fitzpatrick wrote:
> > I find several docs on setting this up, but none pertaining to linux
> > compat. Can anyone point me to some instructions for setting this up
> > properly?
> Um... actually VERY easy...
>
> Step 1: install nss_ldap & pam_ldap
> 2: edit /usr/local/etc/nss_ldap.conf
>    edit /usr/local/etc/ldap.conf
>    edit /usr/local/etc/ldap.secret
> 3: edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group',
> and 'passwd' (optionally) 'hosts' too.
> 4: do a quick 'ldapsearch -x' to make sure you are connecting/searching the
> correct ldap tree...
> 5: edit /etc/pam.d/ file(s) for which types of accounts you want to
> authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a
> line like:
>
> auth sufficient /usr/local/lib/pam_ldap.so try_first_pass
>

Thanks, that was easy, I was just missing the part about nss_ldap.conf, I
didn't realize there was a separate file for nss. I have the logins working
with gnome well, but I noticed once I login as an LDAP user, I cannot su to
root in terminal session...

robert@felipa$ su
Password:
su: Sorry
robert@felipa$

Can someone point out why this happens?

--
Robert
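
The following is an added example, not part of the original thread or of any project's code: a small shell check for steps 3 and 5 of the quoted procedure, confirming that a name-service switch file lists 'files ldap' for a database and that a PAM service file carries an auth line for pam_ldap.so. The function names are hypothetical and the sample files are constructed in a temporary directory; point the functions at copies of your own files to use them.

```shell
#!/bin/sh
# Added example: check steps 3 and 5 of the quoted procedure on copies of
# the files. Function names are hypothetical; sample files are constructed.

# Print the source list configured for one database (passwd, group, hosts).
nss_sources() {  # $1 = switch file, $2 = database
    awk -v db="$2:" '
        { sub(/#.*/, "") }                          # strip comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed only if the database lists "files" before "ldap" (step 3).
nss_files_then_ldap() {  # $1 = switch file, $2 = database
    nss_sources "$1" "$2" | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i == "files" && !f) f = i
              if ($i == "ldap"  && !l) l = i } }
        END { exit !(f && l && f < l) }'
}

# Print the control flag of every auth line that loads pam_ldap.so (step 5).
pam_ldap_auth_control() {  # $1 = PAM service file
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" && $3 ~ /(^|\/)pam_ldap\.so$/ { print $2 }
    ' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed samples: group is correct, passwd has the order reversed.
    printf '%s\n' 'group: files ldap' 'passwd: ldap files' \
        'hosts: files dns' > "$tmp/nsswitch.conf"
    printf '%s\n' 'auth sufficient /usr/local/lib/pam_ldap.so try_first_pass' \
        'auth required pam_unix.so no_warn try_first_pass' > "$tmp/system"
    for db in passwd group; do
        if nss_files_then_ldap "$tmp/nsswitch.conf" "$db"; then
            echo "$db: ok"
        else
            echo "$db: want 'files ldap', got '$(nss_sources "$tmp/nsswitch.conf" "$db")'"
        fi
    done
    echo "pam_ldap auth control: $(pam_ldap_auth_control "$tmp/system")"
    rm -rf "$tmp"
}
demo
```
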