FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Fri Sep 28 08:32:18 PDT 2007

FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS
(PKI).

All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP,
interactive shell, SFTP, etc.) can be tied into LDAP either directly or
via PAM.

As for password change, I don't know if anyone has a passwd(1) binary
that properly changes the LDAP password attribute -- if there is and it's
out there, it requires ACL insanity. Like Oracle, you can either
understand OpenLDAP ACLs, or you have real work to do >:}

Check the nss_pam.conf and nss_ldap.conf configs in local/etc/*
-- set to "debug 1" to get debugging info. Feel free to share
error messages.

~BAS

On Fri, 2007-09-28 at 10:54 +0000, O. Hartmann wrote:
> Hello out there,
> I have a problem with setting up a FreeBSD box as OpenLDAP server with
> several services, like SAMBA, NFS.
>
> The intention is to have a FreeBSD 7.0 fileserver (NFS, SAMBA) also
> acting as OpenLDAP server. So far, OpenLDAP is up and running, using
> TLS/SSL certificate. SAMBA is also up and running - but it never
> connects to the OpenLDAP server due to a connection error, but this
> shouldn't be the subject here, I have more basic questions about what
> FreeBSD already has and what to install additionally.
>
> I want customers to log in on the FBSD box, so they should log in
> (authenticated via OpenLDAP), change their passwords and shells and
> those user specifics should be updated on the LDAP server.
>
> I already installed pam_ldap-port but ran into trouble because FreeBSD's
> nss obviously does not have a tag 'ldap' to refer to an OpenLDAP server
> (and not files).
> Well, I'm confused and not very firm with OpenLDAP/PAM/NSS stuff,
> especially if SSL/TLS come into play and I would like to ask those
> herein administering those setups, especially within a hybrid NFS/SAMBA
> fileservicing environment, where to find up to date
> information/howtos/tips.
>
> Most websites and HowTo's I found were Linux related or, if related to
> FreeBSD, outdated.
>
> Sorry for being so unspecific, but the problem is complex (to me) so I
> would better ask for those who are willing to help or give hints and tips.
>
> Thanks in advance and for your patience,
> Oliver
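
A check of the TLS-related settings in an nss_ldap/pam_ldap client config like the ones mentioned in the reply, as an added example that is not part of the original thread. The function names, sample hostnames and CA path are assumptions made for illustration; `ssl`, `tls_checkpeer`, `tls_cacertfile`, `tls_cacertdir` and `debug` are the nss_ldap/pam_ldap keywords being checked.

```sh
#!/bin/sh
# Added example: audit an nss_ldap.conf / ldap.conf for TLS settings.
# Prints one line per finding; the return status is the number of findings.

# value_of KEY FILE: last value given for KEY (comment lines never match)
value_of() {
    awk -v k="$1" 'tolower($1) == k { v = $2 } END { print v }' "$2"
}

audit_ldap_conf() {
    f=$1; n=0
    # Transport: StartTLS, LDAP over SSL, or an ldaps:// URI
    case "$(value_of ssl "$f"):$(value_of uri "$f")" in
        start_tls:*|on:*|*:ldaps://*) ;;
        *) echo "$f: no TLS configured"; n=$((n+1)) ;;
    esac
    # Without peer checking the client accepts any server certificate
    [ "$(value_of tls_checkpeer "$f")" = yes ] ||
        { echo "$f: tls_checkpeer is not 'yes'"; n=$((n+1)); }
    # Peer checking needs a CA to verify against
    [ -n "$(value_of tls_cacertfile "$f")$(value_of tls_cacertdir "$f")" ] ||
        { echo "$f: no tls_cacertfile or tls_cacertdir"; n=$((n+1)); }
    # 'debug 1' is for troubleshooting; flag it if it was left on
    d=$(value_of debug "$f")
    [ "${d:-0}" = 0 ] || { echo "$f: debug $d still enabled"; n=$((n+1)); }
    return "$n"
}

# Constructed sample configs (hostnames and paths are placeholders)
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
uri ldap://ldap.example.org/
base dc=example,dc=org
tls_checkpeer no
debug 1
EOF
cat > "$tmp/hardened.conf" <<'EOF'
uri ldap://ldap.example.org/
base dc=example,dc=org
ssl start_tls
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/ca.crt
EOF
audit_ldap_conf "$tmp/weak.conf" || echo "findings: $?"
audit_ldap_conf "$tmp/hardened.conf" && echo "hardened.conf: clean"
```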