nss_ldap errors
Serge Kestens
serge.kestens at ecx.be
Tue Jan 25 14:44:50 PST 2005
Hi,
I'm trying to use pam_ldap and nss_ldap on a FreeBSD 5.3 box.
This is my first try at using LDAP for sshd logins.
When the user exists in the files I can connect without problem.
I created the same user in LDAP with a different password and I can log in
with both passwords (files and LDAP).
If the user exists only in LDAP, it doesn't work.
I receive the following error in debug.log:
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Jan 25 22:19:30 vmldap sshd[609]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found
Can somebody have a look at what I'm doing wrong?
If you need extra info don't hesitate to contact me.
Any help will be appreciated.
Thanks in advance,
Serge
uname -a: vmldap.ecss.be 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #0: Tue Dec 21 21:45:18 CET 2004 serge at vmldap.ecss.be:/usr/obj/usr/src/sys/ECXKERNEL i386
##nsswitch.conf
vmldap# cat /etc/nsswitch.conf
passwd: files [NOTFOUND=continue] ldap
group: files [NOTFOUND=continue] ldap
hosts: files dns
networks: files
shells: files
##nss_ldap.conf and ldap.conf
vmldap# cat /usr/local/etc/nss_ldap.conf
host 127.0.0.1
base dc=ecss,dc=be
scope sub
port 389
pam_password md5
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
nss_base_passwd ou=people,dc=ecss,dc=be?one
nss_base_group ou=groups,dc=ecss,dc=be?one
nss_base_shadow ou=people,dc=ecss,dc=be?one
#debug testing
logdir /var/log
debug 9
vmldap# cat /etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
auth sufficient /usr/local/lib/pam_ldap.so debug try_first_pass
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
#account required pam_krb5.so
account required pam_login_access.so
account sufficient pam_ldap.so debug
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient pam_ldap.so debug
password required pam_unix.so no_warn try_first_pass