Date: Sun, 26 Feb 2006 11:14:31 +0300
From: Dmitriy Kirhlarov
To: freebsd-stable@freebsd.org
Message-ID: <20060226081431.GA813@dimma.mow.oilspace.com>
Subject: nss_ldap problem

I use nss_ldap-1.239 and nss_ldap-1.244 on 5.4 and 6.0.
I have a problem -- login succeeds only if the {CRYPT} mechanism is used in the
LDAP database. Other services authenticated in LDAP work fine (pam_ldap,
apache auth for example).

My configs:

/etc/pam.d/system

    # auth
    auth sufficient pam_opie.so no_warn no_fake_prompts
    auth requisite pam_opieaccess.so no_warn allow_local
    auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
    auth required pam_unix.so no_warn try_first_pass nullok

    # account
    account required pam_login_access.so
    account required /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
    account required pam_unix.so

    # session
    session required /usr/local/lib/pam_mkhomedir.so skel=/etc/skel umask=0077
    session required pam_lastlog.so no_fail

    # password
    password sufficient /usr/local/lib/pam_ldap.so use_authtok
    password required pam_unix.so no_warn try_first_pass

/etc/nsswitch.conf

    group: ldap files
    hosts: files dns
    networks: files
    passwd: ldap files
    shells: files
    imap: ldap

/usr/local/etc/ldap.conf

    uri ldaps://fbsd
    base ou=users,o=oil-space
    ldap_version 3
    scope one
    pam_filter objectClass=posixAccount
    pam_login_attribute uid
    pam_password md5
    nss_base_passwd ou=users,o=oil-space?one
    nss_base_shadow ou=users,o=oil-space?one
    nss_base_group ou=groups,o=oil-space?one
    ssl on
    tls_cacertfile /usr/local/etc/ssl/cacert.pem

uname -rs && ls -l /usr/local/etc/nss_ldap.conf && pkg_info -Ix nss_ldap -x pam_ldap

    FreeBSD 5.4-STABLE
    lrwxr-xr-x 1 root wheel 24 Feb 22 16:41 /usr/local/etc/nss_ldap.conf -> /usr/local/etc/ldap.conf
    nss_ldap-1.244 RFC 2307 NSS module
    pam_ldap-1.8.0 A pam module for authenticating with LDAP

Does somebody have the same problem?

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246
E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com