From owner-freebsd-questions@FreeBSD.ORG Mon Nov 21 18:05:41 2005 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED1F516A41F for ; Mon, 21 Nov 2005 18:05:41 +0000 (GMT) (envelope-from nvidican@wmptl.com) Received: from wmptl.net (fw1.wmptl.com [216.8.159.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 795C643D49 for ; Mon, 21 Nov 2005 18:05:38 +0000 (GMT) (envelope-from nvidican@wmptl.com) Received: from [10.0.0.104] (r3140ca.wmptl.net [10.0.0.104]) by wmptl.net (8.13.1/8.13.1) with ESMTP id jALI5YVU078502; Mon, 21 Nov 2005 13:05:34 -0500 (EST) (envelope-from nvidican@wmptl.com) Message-ID: <43820C6D.6020709@wmptl.com> Date: Mon, 21 Nov 2005 13:05:33 -0500 From: Nathan Vidican User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Robert Fitzpatrick References: <1132587368.21646.11.camel@columbus.webtent.org> <4381EC70.8080408@wmptl.com> <1132595361.19759.2.camel@felipa.webtent.org> In-Reply-To: <1132595361.19759.2.camel@felipa.webtent.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.111 () RATWR10_MESSID X-Scanned-By: MIMEDefang 2.44 Cc: questions@freebsd.org Subject: Re: nss_ldap on FreeBSD 5.3 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Nov 2005 18:05:42 -0000 Two things to check, first off, user must be in group 'wheel' (gid 0), in order to su, and also check settings in "/etc/pam.d/su", (su has seperate settings). -- Nathan Vidican nvidican@wmptl.com Windsor Match Plate & Tool Ltd. http://www.wmptl.com/ Robert Fitzpatrick wrote: > On Mon, 2005-11-21 at 10:49 -0500, Nathan Vidican wrote: > >>Robert Fitzpatrick wrote: >> >>>I find several docs on setting this up, but none pertaining to linux >>>compat. Can anyone point me to some instructions for setting this up >>>properly? >> >>Um... actually VERY easy... >> >>Step 1: install nss_ldap & pam_ldap >>2: edit /usr/local/etc/nss_ldap.conf >> edit /usr/local/etc/ldap.conf >> edit /usr/local/etc/ldap.secret >>3: edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', >>and 'passwd' (optionally) 'hosts' too. >>4: do a quick 'ldapsearch -x' to make sure you are connecting/searching the >>correct ldap tree... >>5: edit /etc/pam.d/ file(s) for which types of accounts you want to >>authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a >>line like: >> >>auth sufficient /usr/local/lib/pam_ldap.so try_first_pass >> > > > Thanks, that was easy, I was just missing the part about nss_ldap.conf, > I didn't realize there was a separate file for nss. I have the logins > working with gnome well, but I noticed once I login as an LDAP user, I > cannot su to root in terminal session... > > robert@felipa$ su > Password: > su: Sorry > robert@felipa$ > > Can someone point out why this happens? > > -- > Robert > > >