From owner-freebsd-questions@FreeBSD.ORG  Tue May  9 16:35:58 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7622216A587
	for <freebsd-questions@freebsd.org>;
	Tue,  9 May 2006 16:35:58 +0000 (UTC)
	(envelope-from vvelox@vvelox.net)
Received: from mail07.powweb.com (mail07.powweb.com [66.152.97.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D93CA43D69
	for <freebsd-questions@freebsd.org>;
	Tue,  9 May 2006 16:35:57 +0000 (GMT)
	(envelope-from vvelox@vvelox.net)
Received: from vixen42.vulpes (24-119-225-24.cpe.cableone.net [24.119.225.24])
	by mail07.powweb.com (Postfix) with ESMTP id 8BBC214DE1A;
	Tue,  9 May 2006 09:35:55 -0700 (PDT)
Date: Tue, 9 May 2006 11:36:29 -0500
From: "Z.C.B." <vvelox@vvelox.net>
To: robert <bsd@bathnetworks.com>
Message-ID: <20060509113629.2c37ea59@vixen42.vulpes>
In-Reply-To: <1147161045.9552.12.camel@localhost.localdomain>
References: <7daacbbe0601181356q131bc2d7kd044d924e13079f2@mail.gmail.com>
	<20060507174256.09c33510@vixen42.vulpes>
	<df9ac37c0605080827i77a836afje0635ef748419e8d@mail.gmail.com>
	<20060508182308.6e8d9aac@vixen42.vulpes>
	<df9ac37c0605081631q283c691ah8c9f7af94e683ca3@mail.gmail.com>
	<20060508184412.4ccbf90c@vixen42.vulpes>
	<1147161045.9552.12.camel@localhost.localdomain>
X-Mailer: Sylpheed-Claws 2.1.1 (GTK+ 2.8.17; i386-portbld-freebsd5.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: Atom Powers <atom.powers@gmail.com>, freebsd-questions@freebsd.org,
	Dominique Goncalves <dominique.goncalves@gmail.com>
Subject: Re: nsswitch.conf with ldap
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2006 16:36:03 -0000

On Tue, 09 May 2006 08:50:45 +0100
robert <bsd@bathnetworks.com> wrote:

> On Mon, 2006-05-08 at 18:44 -0500, Z.C.B. wrote:
> > On Mon, 8 May 2006 16:31:04 -0700
> > "Atom Powers" <atom.powers@gmail.com> wrote:
> > 
> > > On 5/8/06, Z.C.B. <vvelox@vvelox.net> wrote:
> > > > On Mon, 8 May 2006 08:27:33 -0700
> > > > "Atom Powers" <atom.powers@gmail.com> wrote:
> > > >
> > > > > On 5/7/06, Z.C.B. <vvelox@vvelox.net> wrote:
> > > > > > On Wed, 18 Jan 2006 22:56:09 +0100
> > > > > > Dominique Goncalves <dominique.goncalves@gmail.com> wrote:
> > > > > >
> > > > > > >
> > > > > > > Why FreeBSD tries to use ldap database if my user
> > > > > > > system is on files ? Thanks for the help.
> > > > > >
> > > > > > Did you ever find a fix for this? I am running into the
> > > > > > same thing myself.
> > > > >
> > > > > Check your pam.d configuration,
> > > > > particularly /etc/pam.d/login
> > > >
> > > > Probally a silly question, but how would that help with this
> > > > problem?
> > > >
> > > 
> > > pam controls how each application, including "login" attempts to
> > > authenticate. nss controls how user, host information is looked
> > > up.
> > > 
> > > I don't know if it will help your problem, I'm struggling
> > > through my own pam/nss/ldap issues, but it is a part of the
> > > picture.
> > 
> > I am curious. Do you run into problems with SSH and xterm, but
> > everything else works? That is what I am currently hitting.
> > 
> > initgroups(kitsune,1001): Invalid argument
> > 
> > Is what it is kicking into /var/log/messages. That is right after
> > I authenticate.
> 
> Not sure if this has a bearing on the problem. From the samba by
> example web pages whenrefering to ldap:
> 
> Some Linux systems (Novell SUSE Linux in particular) add entries to
> the nsswitch.conf file that may cause operational problems with the
> configuration methods adopted in this book. It is advisable to
> comment out the entries passwd_compat and group_compat where they
> are found in this file.
> 
> I too have this problem. Logins worked ok with earlier versions. I
> had a setup which worked fine (can't get at the machine at present)
> that had no nis line present on the initial install, but when I
> tried setting up another machine the nis line has appeared. From my
> notes nsswitch.conf looked like this with an earlier version of
> freebsd and worked ok:
> 
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
> hosts:  files dns
> networks: files
> shells: files

I am not using group_compat and passwd_compat with NIS. 

The following works perfectly fine unless I use xterm or ssh. I've
not messed much with pam and ldap yet. I have it setup for auth, but
that is all.

group: files nis
hosts: files dns
networks: files
passwd: files ldap
shells: files