1. About enumerate with comments on the same line - it doesn't cause any problems on my FreeBSD 10 64-bit. Enumerate causes problems on my FreeBSD 10 32-bit - that could be because of a comment on the same line & I could check it, but if it's not recommended to have enumerate at all, then I'll leave it.
2. About my pam.d files - please read carefully my previous posts. I commented out the line in pam.d -> system and added it explicitly to pam.d -> login because otherwise I get locked out from the machine. I sent you the WORKING configuration and not the one which was recommended at FreeBSD posts (and also by you). And yes, in pam.d -> system there's no "ignore bla bla bla part" because in that file the line "account required /usr/local/lib/pam_sss.so" just doesn't work, with or without that part. That's what I was talking about in my reply to the post at FreeBSD forums and that's why I considered unimportant re-adding that "ignore ..." part in the commented "account ..." line when sending pam.d files to you.

3. I like your idea of checking everything on a blank FreeBSD 10 setup - that way you will really determine whether the problem is between the chair and the keyboard or not.

Sent from Blue Mail

On 19.10.2014, at 2:36, Lukas Slebodnik <lsleb...@redhat.com> wrote:
>On (17/10/14 16:46), Orkhan Gasimov wrote:
>>1. I use FreeBSD 10.0 64-bit.
>>(For some files bits are also important - for example, on a 32-bit machine
>>the same configuration of
>>/usr/local/etc/sssd/sssd.conf file introduces problems because of the line
>>"enumerate = True" in the [domain] section; only after that line is commented
>Firstly, We do not recommend to have enabled enumeration.
>Secondly, You did not have "enumerate = True" in your domain section.
>You have "enumerate = True #to enumerate users and groups"
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>I wrote you in another email that comments should be on different line
>
>>out, sssd starts.)
>>
>>2. The files you requested are at
>>https://cloud.mail.ru/public/afa7e1fad817/pam.d
>>
>>17-Oct-14 16:30, Lukas Slebodnik wrote:
>>>On (17/10/14 15:44), Orkhan Gasimov wrote:
>>>>Unfortunately, putting that line in /etc/pam.d/system prevents me from being
>I checked your pam configuration and you had wrong line in /etc/pam.d/system
>Currently, it is commented out.
>    "#acconut required /usr/local/lib/pam_sss.so"
>and the correct one is in /etc/pam.d/login
>"account required /usr/local/lib/pam_sss.so ignore_unknown_user ignore_authinfo_unavail"
>
>You were wrong in comment
>https://forums.freebsd.org/threads/freebsd-freeipa-via-sssd.46526/
>Please move line from login -> system
>
>>>>able to locally login to the BSD client.
>>>>At the same time, the same line in /etc/pam.d/sshd or /etc/pam.d/login
>>>>doesn't give unexpected behaviours.
>>>>Bug, bug, bug...
> no, no, no,
>The problem was between chair and keyboard.
>Sorry, I could not resist :-)
>
>>>>
>>>It works for me with FreeBSD 9.3. It is possible that your pam stack is
>>>misconfigured.
>>>
>
>BTW
>After fixing problems with my freeipa 4.0.3, I was able to connect with ssh
>to FreeBSD 10 as freeipa_user and local_user.
>
>If I have time in next weeks I will try with clean FreeBSD 10 and will write
>some notes.
>
>LS
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
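
The two sssd.conf points raised in the quoted reply (a comment trailing a value on the same line, and enumeration being enabled) can be checked mechanically before restarting sssd. The following Python lint is an added example, not code from this thread or from the SSSD project; the sample config, the domain name example.test and the function name are constructed, and it assumes SSSD accepts "#" and ";" comments only at the start of a line and reads booleans as true/false.

```python
import re

# Constructed sample modelled on the line quoted in the thread.
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam
domains = example.test

[domain/example.test]
# a comment on its own line is fine
id_provider = ipa
enumerate = True #to enumerate users and groups
cache_credentials = True
"""

KEY_VALUE = re.compile(r"^([^=\s][^=]*?)\s*=\s*(.*)$")
# A comment marker at the start of the value or after whitespace inside it.
INLINE_COMMENT = re.compile(r"(?:^|\s)[#;]")


def lint_sssd_conf(text):
    """Return (line_no, section, key, issue) tuples for risky settings."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or whole-line comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        match = KEY_VALUE.match(line)
        if not match:
            findings.append((line_no, section, None, "not-key-value"))
            continue
        key, value = match.groups()
        intended = value
        comment = INLINE_COMMENT.search(value)
        if comment:
            # The parser sees the comment text as part of the value.
            intended = value[:comment.start()].strip()
            findings.append((line_no, section, key, "inline-comment"))
        in_domain = section is not None and section.startswith("domain/")
        if key == "enumerate" and in_domain and intended.lower() == "true":
            findings.append((line_no, section, key, "enumeration-enabled"))
    return findings


if __name__ == "__main__":
    for finding in lint_sssd_conf(SAMPLE_SSSD_CONF):
        print(finding)
```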