nss_ldap errors

Serge Kestens serge.kestens at ecx.be
Tue Jan 25 14:44:50 PST 2005


Hi,

I'm trying to use pam_ldap and nss_ldap on a FreeBSD 5.3 box.
This is my first try at using LDAP for sshd logins.
When the user exists in the files, I can connect without a problem.
I created the same user in LDAP with a different password and I can log in
with both passwords (files and LDAP).
If the user exists only in LDAP, it doesn't work.
I receive the following error in debug.log:
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found
Jan 25 22:19:30 vmldap sshd[608]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found
Jan 25 22:19:30 vmldap sshd[609]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found

Can somebody have a look at what I'm doing wrong?
If you need extra info, don't hesitate to contact me.
Any help will be appreciated.

Thanks in advance,
Serge



uname -a: vmldap.ecss.be 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #0: Tue Dec 21 21:45:18 CET 2004 serge at vmldap.ecss.be:/usr/obj/usr/src/sys/ECXKERNEL  i386

##nsswitch.conf
vmldap# cat /etc/nsswitch.conf
passwd: files [NOTFOUND=continue] ldap
group: files [NOTFOUND=continue] ldap
hosts: files dns
networks: files
shells: files

##nss_ldap.conf and ldap.conf
vmldap# cat /usr/local/etc/nss_ldap.conf
host 127.0.0.1
base dc=ecss,dc=be
scope sub
port 389
pam_password md5
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
nss_base_passwd ou=people,dc=ecss,dc=be?one
nss_base_group ou=groups,dc=ecss,dc=be?one
nss_base_shadow ou=people,dc=ecss,dc=be?one
#debug testing
logdir /var/log
debug 9

vmldap# cat /etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
auth            sufficient      /usr/local/lib/pam_ldap.so debug try_first_pass
# auth
auth           required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         sufficient      pam_ldap.so             debug
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        sufficient      pam_ldap.so             debug
password        required        pam_unix.so             no_warn try_first_pass




