FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?

Brian A. Seklecki lavalamp at spiritual-machines.org
Fri Sep 28 08:32:18 PDT 2007


FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS
(PKI).  

All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP,
interactive shell, SFTP, etc.) can be tied into LDAP either directly or
via PAM.

As for password change, I don't know if anyone has a passwd(1) binary
that properly changes the LDAP password attribute -- if there is and it's
out there, it requires ACL insanity.  Like Oracle, you can either
understand OpenLDAP ACLs, or you have real work to do  >:}

        Check the nss_pam.conf and nss_ldap.conf configs in local/etc/*
        -- set to "debug 1" to get debugging info.  Feel free to share
        error messages.

~BAS

On Fri, 2007-09-28 at 10:54 +0000, O. Hartmann wrote:
> Hello out there,
> I have a problem with setting up a FreeBSD box as OpenLDAP server with 
> several services, like SAMBA, NFS.
> 
> The intention is to have a FreeBSD 7.0 fileserver (NFS, SAMBA) also 
> acting as OpenLDAP server. So far. OpenLDAP is up and running, using 
> TLS/SSL certificate. SAMBA is also up and running - but it never 
> connects to the OpenLDAP server due to a connection error, but this 
> shouldn't be the subject here, I have more basic questions about what 
> FreeBSD already has and what to install additionally.
> 
> I want customers to log in on the FBSD box, so they should log in 
> (authenticated via OpenLDAP), change their passwords and shells and 
> those user specifics should be updated on the LDAP server.
> 
> I already installed pam_ldap-port but ran into trouble because FreeBSD's 
> nss obviously does not have a tag 'ldap' to refer to an OpenLDAP server 
> (and not files).
> Well, I'm confused and not very firm with OpenLDAP/PAM/NSS stuff, 
> especially if SSL/TLS come into play and I would like to ask those 
> herein administering those setups, especially within a hybrid NFS/SAMBA 
> fileservicing environment, where to find up to date 
> information/howtos/tips.
> 
> Most websites and HowTo's I found were Linux related or, if related to 
> FreeBSD, outdated.
> 
> Sorry for being so unspecific, but the problem is complex (to me) so I 
> would better ask for those who are willing to help or give hints and tips.
> 
> Thanks in advance and for your patience,
> Oliver