On (17/10/14 16:46), Orkhan Gasimov wrote:
>1. I use FreeBSD 10.0 64-bit.
>(For some files bits are also important - for example, on a 32-bit machine
>the same configuration of
>/usr/local/etc/sssd/sssd.conf file introduces problems because of the line
>"enumerate = True" in the [domain] section; only after that line is commented
Firstly, We do not recommend to have enabled enumeration.
Secondly, You did not have "enumerate = True" in your domain section.
You have "enumerate = True #to enumerate users and groups"
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I wrote you in another email that comments should be on different line

>out, sssd starts.)
>
>2. The files you requested are at
>https://cloud.mail.ru/public/afa7e1fad817/pam.d
>
>17-Oct-14 16:30, Lukas Slebodnik пишет:
>>On (17/10/14 15:44), Orkhan Gasimov wrote:
>>>Unfortunately, putting that line in /etc/pam.d/system prevents me from being
I checked your apm configuration and you had wrong line in /etc/pam.d/system
Currently, it is is commented out.
    "#acconut        required        /usr/local/lib/pam_sss.so"
and the correct one is in /etc/pam.d/login
   "account         required        /usr/local/lib/pam_sss.so 
ignore_unknown_user ignore_authinfo_unavail"

You were wrong in comment 
https://forums.freebsd.org/threads/freebsd-freeipa-via-sssd.46526/
Plese move line from login -> system

>>>able to locally login to the BSD client.
>>>At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
>>>doesn't give unexpected behaviours.
>>>Bug, bug, bug...
   no, no, no,
The problem was between chair and keybord.
Sorry, I could not resist :-)

>>>
>>It works for me with FreeBSD 9.3. It is possible that your pam stack is
>>misconfigured.
>>

BTW
After fixing problems with my freeipa 4.0.3, I was able to connect with ssh
to FreeBSD 10 as freeipa_user and local_user.

If I have time in next weeks I will try with clean FreeBSD 10 and will write
some notes.

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to