Date: Fri, 28 Sep 2007 10:29:19 -0400
From: "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
To: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?
Message-ID: <1190989759.2994.26.camel@new-host>
In-Reply-To: <46FCDD68.6030901@zedat.fu-berlin.de>
References: <46FCDD68.6030901@zedat.fu-berlin.de>

FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS (PKI).

All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP, interactive shell, SFTP, etc.) can be tied into LDAP either directly or via PAM.

As for password change, I don't know if anyone has a passwd(1) binary that properly changes the LDAP password attribute -- if there is and it's out there, it requires ACL insanity. Like Oracle, you can either understand OpenLDAP ACLs, or you have real work to do >:}

Check the nss_pam.conf and nss_ldap.conf configs in local/etc/* -- set to "debug 1" to get debugging info.

Feel free to share error messages.

~BAS

On Fri, 2007-09-28 at 10:54 +0000, O. Hartmann wrote:
> Hello out there,
> I have a problem with setting up a FreeBSD box as OpenLDAP server with
> several services, like SAMBA, NFS.
>
> The intention is to have a FreeBSD 7.0 fileserver (NFS, SAMBA) also
> acting as OpenLDAP server. So far. OpenLDAP is up and running, using
> TLS/SSL certificate. SAMBA is also up and running - but it never
> connects to the OpenLDAP server due to a connection error, but this
> shouldn't be the subject here, I have more basic questions about what
> FreeBSD already has and what to install additionally.
>
> I want customers to log in on the FBSD box, so they should log in
> (authenticated via OpenLDAP), change their passwords and shells and
> those user specifics should be updated on the LDAP server.
>
> I already installed pam_ldap-port but ran into trouble because FreeBSD's
> nss obviously does not have a tag 'ldap' to refer to an OpenLDAP server
> (and not files).
> Well, I'm confused and not very firm with OpenLDAP/PAM/NSS stuff,
> especially if SSL/TLS come into play and I would like to ask those
> herein administering those setups, especially within a hybrid NFS/SAMBA
> fileservicing environment, where to find up to date
> information/howtos/tips.
>
> Most websites and HowTo's I found were Linux related or, if related to
> FreeBSD, outdated.
>
> Sorry for being so unspecific, but the problem is complex (to me) so I
> would better ask for those who are willing to help or give hints and tips.
>
> Thanks in advance and for your patience,
> Oliver