Date:      Wed, 24 May 2006 07:40:37 -0700
From:      "Atom Powers" <atom.powers@gmail.com>
To:        "Jason Lixfeld" <jason+lists.freebsd-questions@lixfeld.ca>
Cc:        FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Trouble with nss|pam|openldap
Message-ID:  <df9ac37c0605240740o67ef8622s8c58c659ce264520@mail.gmail.com>
In-Reply-To: <71C11F58-32D9-4EBF-B35E-F1730184B706@lixfeld.ca>
References:  <7DAD87F3-C2BD-4776-A98A-6EFDAD335594@lixfeld.ca> <df9ac37c0605231748n4e3abbb4he8829f2edfe264dc@mail.gmail.com> <71C11F58-32D9-4EBF-B35E-F1730184B706@lixfeld.ca>

On 5/24/06, Jason Lixfeld <jason+lists.freebsd-questions@lixfeld.ca> wrote:
> On 23-May-06, at 8:48 PM, Atom Powers wrote:
>
> I have no all.log currently.  The only thing showing up in messages
> though is:
>

You have to enable all.log in syslog.conf, and then "touch
/var/log/all.log". I always turn this on because it can catch messages
that are not configured to go to another log file, and sometimes it's
nice to have all your logs in one place. But if you have a noisy
service it can fill your file system.

> May 23 18:48:00 ricky slapd[7745]: nss_ldap: could not search LDAP
> server - Server is unavailable
>
> That error seems to creep up only when I restart slapd though.
>
> >>
> >> I searched through the bugs and it seems there is a bug in nss_ldap
> >> with regards to getpwuid, but that seems to be more of an indicator
> >> about why finger doesn't work, not why ssh doesn't work
> >>
> >> # id testuser seems to work, finger doesn't.  Curious.  Anyway, it
> >> still appears as though at least some portions of the system are
> >> using LDAP, which is good.
> >> $ id testuser
> >> uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
> >> $ finger testuser
> >> finger: testuser: no such user
> >> $
> >
> > id works because it's using the name service to look up the user (you
> > added ldap to your nsswitch.conf, right?)
> >
> > finger doesn't work because you don't have a /etc/pam.d/finger file.
> > Either create one or add pam_ldap to your /etc/pam.d/system file. (I
> > always create a new conf file for my ldap enabled apps)

On reflection I may be way off base with this. finger doesn't run *as*
another user, and you don't log into finger. So it shouldn't need a
pam.d file.

Finger doesn't work for ldap accounts on my systems.

> Interesting.  Finger *did* work during some of my first attempts at
> getting this working.  I changed something (I don't recall what) and
> then finger stopped working.
>
> This seems to all work now with built-in ssh.  How strange.
>
> Now, I seem to have hit another snag and a bug (Both of which I
> remember reading about this in my travels:)
>
> $id testuser
> id: testuser: no such user
> # sudo su
> Password:
> # id testuser
> uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
> # cd ~testuser
> # pwd
> /usr/home/testuser
> #ssh testuser@localhost
> %id testuser
> id: testuser: no such user
> %pwd
> /usr/home/testuser
> %ls -al
> Assertion failed: (cfg->ldc_uris[__session.ls_current_uri] != NULL),
> function do_init, file ldap-nss.c, line 1193.
> Abort (core dumped)
> %
>

I don't seem to have this problem:

apowers@DIT793:~$finger apowers
finger: apowers: no such user
apowers@DIT793:~$id apowers
uid=1133(apowers) gid=1133(apowers) groups=1133(apowers), 0(wheel)
apowers@DIT793:~$ssh localhost
Password:

FreeBSD 6.1-RELEASE (SMP) #0: Sun May  7 04:42:56 UTC 2006
apowers@DIT793:~$id apowers
uid=1133(apowers) gid=1133(apowers) groups=1133(apowers), 0(wheel)
apowers@DIT793:~$pwd
/home/apowers
apowers@DIT793:~$ls -al
total 53216
<snip>

What does your nsswitch.conf look like?
I have:
#nsswitch.conf
group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files


-- 
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
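As an added worked example (my own script, not code from this thread or from FreeBSD), here are the two configuration steps discussed above as idempotent shell functions: enabling syslogd's catch-all /var/log/all.log and checking that nsswitch.conf consults ldap for both passwd and group. It assumes a FreeBSD-style syslog.conf that ships the commented line `#*.*  /var/log/all.log`, a nsswitch.conf in the `database: source source` form shown above, and the stock file paths; the `apply` entry point name is my own.

```shell
#!/bin/sh
# Added example, not from the thread: enable the syslog catch-all log
# and sanity-check nsswitch.conf for LDAP lookups.
# Assumptions: FreeBSD-style syslog.conf carrying the commented line
# "#*.*  /var/log/all.log"; nsswitch.conf lines like "passwd: files ldap".
set -u

# enable_all_log CONF [LOGFILE]
# Uncomment the stock "#*.*  LOGFILE" selector in CONF, or append one if
# no such line exists. Safe to run repeatedly.
enable_all_log() {
    conf=$1
    log=${2:-/var/log/all.log}
    if grep -q "^[*]\.[*][[:space:]]*$log\$" "$conf"; then
        return 0                      # already active
    fi
    if grep -q "^#[*]\.[*][[:space:]]*$log\$" "$conf"; then
        # Strip the leading '#'. A temp file plus cat keeps the original
        # inode and mode, and avoids the BSD/GNU "sed -i" incompatibility.
        tmp=$(mktemp) || return 1
        sed "s|^#\([*]\.[*][[:space:]]*$log\)\$|\1|" "$conf" > "$tmp" \
            && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf '*.*\t\t\t\t\t%s\n' "$log" >> "$conf"
    fi
}

# create_all_log [LOGFILE]
# syslogd does not create the file itself (hence the "touch" above).
# Make it root-only: the catch-all also receives auth/authpriv lines.
create_all_log() {
    log=${1:-/var/log/all.log}
    [ -e "$log" ] || : > "$log"
    chmod 600 "$log"
}

# nss_has_source CONF DATABASE SOURCE
# Return 0 if DATABASE (e.g. passwd) lists SOURCE (e.g. ldap) in CONF.
# Handles both "passwd: files ldap" and "passwd:files ldap".
nss_has_source() {
    awk -v db="$2" -v src="$3" '
        /^[[:space:]]*#/ { next }      # skip comments
        { sub(/:/, " ") }              # "passwd:" -> "passwd", resplit
        $1 == db {
            for (i = 2; i <= NF; i++) if ($i == src) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_nsswitch CONF
# Report whether passwd and group consult ldap; return 1 if either does not.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        if nss_has_source "$1" "$db" ldap; then
            echo "$db: ldap enabled"
        else
            echo "$db: ldap NOT listed" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage (as root): sh this.sh apply [/etc/syslog.conf] [/etc/nsswitch.conf]
if [ "${1:-}" = "apply" ]; then
    enable_all_log "${2:-/etc/syslog.conf}"
    create_all_log
    check_nsswitch "${3:-/etc/nsswitch.conf}"
    echo "now restart syslogd: /etc/rc.d/syslogd restart"
fi
```

Because all.log receives every facility, pair it with a rotation entry in newsyslog.conf (the stock FreeBSD file carries a commented one for all.log) so a chatty daemon cannot fill /var, which is the caveat raised above.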



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?df9ac37c0605240740o67ef8622s8c58c659ce264520>