On 5/24/06, Jason Lixfeld <[EMAIL PROTECTED]> wrote:
On 23-May-06, at 8:48 PM, Atom Powers wrote:

I have no all.log currently.  The only thing showing up in messages
though is:


You have to enable all.log in syslog.conf, and then "touch
/var/log/all.log". I always turn this on because it can catch messages
that are not configured to go to another log file, and sometimes it's
nice to have all your logs in one place. But if you have a noisy
service it can fill your file system.

May 23 18:48:00 ricky slapd[7745]: nss_ldap: could not search LDAP
server - Server is unavailable

That error seems to creep up only when I restart slapd though.

>>
>> I searched through the bugs and it seems there is a bug in nss_ldap
>> with regards to getpwuid, but that seems to be more of an indicator
>> about why finger doesn't work, not why ssh doesn't work.
>>
>> # id testuser seems to work, finger doesn't.  Curious.  Anyway, it
>> still appears as though at least some portions of the system are
>> using LDAP, which is good.
>> $ id testuser
>> uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
>> $ finger testuser
>> finger: testuser: no such user
>> $
>
> id works because it's using the name service to look up the user (you
> added ldap to your nsswitch.conf, right?)
>
> finger doesn't work because you don't have a /etc/pam.d/finger file.
> Either create one or add pam_ldap to your /etc/pam.d/system file. (I
> always create a new conf file for my ldap enabled apps)

On reflection I may be way off base with this. finger doesn't run *as*
another user, and you don't log into finger. So it shouldn't need a
pam.d file.

Finger doesn't work for ldap accounts on my systems.

Interesting.  Finger *did* work during some of my first attempts at
getting this working.  I changed something (I don't recall what) and
then finger stopped working.

This seems to all work now with built-in ssh.  How strange.

Now, I seem to have hit another snag and a bug (both of which I
remember reading about in my travels):

$id testuser
id: testuser: no such user
# sudo su
Password:
# id testuser
uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
# cd ~testuser
# pwd
/usr/home/testuser
#ssh [EMAIL PROTECTED]
%id testuser
id: testuser: no such user
%pwd
/usr/home/testuser
%ls -al
Assertion failed: (cfg->ldc_uris[__session.ls_current_uri] != NULL),
function do_init, file ldap-nss.c, line 1193.
Abort (core dumped)
%


I don't seem to have this problem:

[EMAIL PROTECTED]:~$finger apowers
finger: apowers: no such user
[EMAIL PROTECTED]:~$id apowers
uid=1133(apowers) gid=1133(apowers) groups=1133(apowers), 0(wheel)
[EMAIL PROTECTED]:~$ssh localhost
Password:

FreeBSD 6.1-RELEASE (SMP) #0: Sun May  7 04:42:56 UTC 2006
[EMAIL PROTECTED]:~$id apowers
uid=1133(apowers) gid=1133(apowers) groups=1133(apowers), 0(wheel)
[EMAIL PROTECTED]:~$pwd
/home/apowers
[EMAIL PROTECTED]:~$ls -al
total 53216
<snip>

What does your nsswitch.conf look like?
I have:
#nsswitch.conf
group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files


--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
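
Added example, not part of the thread: a small shell check that reads an nsswitch.conf and reports whether ldap is consulted for passwd and group, and in what order. The helper names (nss_sources, nss_has, nss_ldap_report) are hypothetical, and the sample input is constructed from the file quoted above; on a real host, pass /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: report the lookup order nsswitch.conf gives a database.

# nss_sources FILE DB -> sources for DB in order, one per line.
# Comments and [STATUS=action] criteria are ignored; first entry wins.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # strip comments
        {
            pos = index($0, ":")
            if (pos == 0) next                  # not a "db: sources" line
            name = substr($0, 1, pos - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            n = split(substr($0, pos + 1), tok, " ")
            skip = 0
            for (i = 1; i <= n; i++) {
                if (index(tok[i], "[") == 1) skip = 1
                if (!skip) print tok[i]
                if (substr(tok[i], length(tok[i])) == "]") skip = 0
            }
            exit
        }
    ' "$1"
}

# nss_has FILE DB SRC -> exit status 0 if SRC is consulted for DB.
nss_has() {
    nss_sources "$1" "$2" | grep -qx "$3"
}

# nss_ldap_report FILE -> one line each for the passwd and group databases.
nss_ldap_report() {
    for db in passwd group; do
        if nss_has "$1" "$db" ldap; then
            order=$(nss_sources "$1" "$db" | tr '\n' ' ')
            echo "$db: ldap consulted (order: ${order% })"
        else
            echo "$db: ldap NOT consulted"
        fi
    done
}

# Constructed sample: the nsswitch.conf quoted in the thread.
conf=$(mktemp)
printf '%s\n' '#nsswitch.conf' 'group: files ldap' 'hosts: files dns' \
    'networks: files' 'passwd: files ldap' 'shells: files' > "$conf"
nss_ldap_report "$conf"
rm -f "$conf"
```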