Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 26 Feb 2006 11:14:31 +0300
From:      Dmitriy Kirhlarov <dimma@higis.ru>
To:        freebsd-stable@freebsd.org
Subject:   nss_ldap problem
Message-ID:  <20060226081431.GA813@dimma.mow.oilspace.com>

next in thread | raw e-mail | index | archive | help
I use nss_ldap-1.239 and nss_ldap-1.244 on 5.4 and 6.0
I have a problem -- login success only if {CRYPT} mechanism used in
ldap database. Other services, authenticated in ldap, work fine
(pam_ldap, apache auth for example).

My configs:
/etc/pam.d/system
# auth
auth		sufficient	pam_opie.so		no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn allow_local
auth		sufficient	/usr/local/lib/pam_ldap.so	no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass nullok
# account
account		required	pam_login_access.so
account		required	/usr/local/lib/pam_ldap.so	ignore_authinfo_unavail ignore_unknown_user
account		required	pam_unix.so
# session
session		required	/usr/local/lib/pam_mkhomedir.so	skel=/etc/skel umask=0077
session		required	pam_lastlog.so		no_fail
# password
password	sufficient	/usr/local/lib/pam_ldap.so	use_authtok
password	required	pam_unix.so		no_warn try_first_pass

/etc/nsswitch.conf
group: ldap files
hosts: files dns
networks: files
passwd: ldap files
shells: files
imap: ldap

/usr/local/etc/ldap.conf
uri ldaps://fbsd
base ou=users,o=oil-space
ldap_version 3
scope one
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_password md5
nss_base_passwd ou=users,o=oil-space?one
nss_base_shadow ou=users,o=oil-space?one
nss_base_group ou=groups,o=oil-space?one
ssl on
tls_cacertfile /usr/local/etc/ssl/cacert.pem

uname -rs && ls -l /usr/local/etc/nss_ldap.conf && pkg_info -Ix nss_ldap -x pam_ldap
FreeBSD 5.4-STABLE
lrwxr-xr-x  1 root  wheel  24 Feb 22 16:41 /usr/local/etc/nss_ldap.conf -> /usr/local/etc/ldap.conf
nss_ldap-1.244      RFC 2307 NSS module
pam_ldap-1.8.0      A pam module for authenticating with LDAP

Is somebody have the same problems?

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060226081431.GA813>