Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Nov 2005 13:05:33 -0500
From:      Nathan Vidican <nvidican@wmptl.com>
To:        Robert Fitzpatrick <robert@webtent.com>
Cc:        questions@freebsd.org
Subject:   Re: nss_ldap on FreeBSD 5.3
Message-ID:  <43820C6D.6020709@wmptl.com>
In-Reply-To: <1132595361.19759.2.camel@felipa.webtent.org>
References:  <1132587368.21646.11.camel@columbus.webtent.org>	 <4381EC70.8080408@wmptl.com> <1132595361.19759.2.camel@felipa.webtent.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Two things to check, first off, user must be in group 'wheel' (gid 0), in order 
to su, and also check settings in "/etc/pam.d/su", (su has seperate settings).

-- 
Nathan Vidican
nvidican@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

Robert Fitzpatrick wrote:
> On Mon, 2005-11-21 at 10:49 -0500, Nathan Vidican wrote:
> 
>>Robert Fitzpatrick wrote:
>>
>>>I find several docs on setting this up, but none pertaining to linux
>>>compat. Can anyone point me to some instructions for setting this up
>>>properly?
>>
>>Um... actually VERY easy...
>>
>>Step 1:   install nss_ldap & pam_ldap
>>2:        edit /usr/local/etc/nss_ldap.conf
>>	  edit /usr/local/etc/ldap.conf
>>	  edit /usr/local/etc/ldap.secret
>>3:	  edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', 
>>and 'passwd' (optionally) 'hosts' too.
>>4:	  do a quick 'ldapsearch -x' to make sure you are connecting/searching the 
>>correct ldap tree...
>>5:	  edit /etc/pam.d/<service> file(s) for which types of accounts you want to 
>>authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a 
>>line like:
>>
>>auth            sufficient      /usr/local/lib/pam_ldap.so      try_first_pass
>>
> 
> 
> Thanks, that was easy, I was just missing the part about nss_ldap.conf,
> I didn't realize there was a separate file for nss. I have the logins
> working with gnome well, but I noticed once I login as an LDAP user, I
> cannot su to root in terminal session...
> 
> robert@felipa$ su
> Password:
> su: Sorry
> robert@felipa$
> 
> Can someone point out why this happens?
> 
> --
> Robert
> 
> 
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43820C6D.6020709>