Re: OpenLDAP/nss_ldap/pam_ldap
On Wednesday 29 October 2003 00:42, you wrote: I just checked the FreeBSD site and do not see any release 5.2 It is not release yet :) Once i can hurl this obsticle, i think FreeBSD might be a viable solution for me. Well, let be it then... I'm running -CURRENT with dynamic root and it works great. Antoine ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
OpenLDAP/nss_ldap/pam_ldap
Question ? I am using FreeBSD 5.1 I have a linux server with openldap running on it authenticating Solaris and Linux box and now FreeBSD 5.1 I have gotten FreeBSD 5.1 to authenticate user remotely ssh ing to the box. They can log in, but when they log in, the system shows their userid instead of the username when you do a ps. this tells me something might be wrong with nss_ldap. but not sure what i am doing wrong. I can do id username which it returns the user information. does anyone have an idea what i didn't do during my setup of OpenLDAP/nss_ldap/pam_ldap ? Thanks. Steve ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenLDAP/nss_ldap/pam_ldap
Hi, Steve! On Tue, Oct 28, 2003 at 02:52:51PM -0800, Steve Lee wrote: Question ? I am using FreeBSD 5.1 I have gotten FreeBSD 5.1 to authenticate user remotely ssh ing to the box. They can log in, but when they log in, the system shows their userid instead of the username when you do a ps. this tells me something might be wrong with nss_ldap. but not sure what i am doing wrong. I can do id username which it returns the user information. does anyone have an idea what i didn't do during my setup of OpenLDAP/nss_ldap/pam_ldap ? Thanks. I would like to confirm that such weirdness exists... I do use nss_ldap and also noticed, that some of the programs, like ls, show numeric id of the user, when other, like top, show normal username, retrieved from LDAP server. Short investigation brought me to the conclusion, that the behaviour differs depending if the program was linked against libc statically or dynamically... This short code exposes the problem: #include stdio.h #include pwd.h int main () { struct passwd *pw = getpwuid(1002); printf(%s\n, (pw) ? pw-pw_name : none); } Instead of 1002 put the uid of the user from LDAP. If you compile this program as: gcc test.c -o test Which normally implies dynamic linking, when you should get username in the output. If you compile it as: gcc -static test.c -o test When none will be printed instead... So, the problem lays somewhere in the libc, in the way, how getpwuid and friends work in the dynamic and static context with NSS... I don't know, is this a bug or a feature :) If first, then, probably, PR should be created. With regards, Timur. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenLDAP/nss_ldap/pam_ldap
On Tuesday 28 October 2003 23:52, Steve Lee wrote: I have gotten FreeBSD 5.1 to authenticate user remotely ssh ing to the box. They can log in, but when they log in, the system shows their userid instead of the username when you do a ps. this tells me something might be wrong with nss_ldap. but not sure what i am doing wrong. I can do id username which it returns the user information. You need to build FreeBSD with dynamic libraries... It only works under -CURRENT with the WITH_DYNAMICROOT=true option in your make.conf. I think it is supposed to be the default for 5.2-RELEASE. Antoine ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenLDAP/nss_ldap/pam_ldap
Sorry for my ignorance, i am new to FreeBSD. i have tried to use it in the past ( 2years ago ) but decided to wait to till the nss_ldap support was added for nsswitch so i can use openldap. Now, when you say rebuild, how would i rebuild FreeBSD dynamically, or are you saying to rebuild the application that were statically linked dynamically ? I just checked the FreeBSD site and do not see any release 5.2 Once i can hurl this obsticle, i think FreeBSD might be a viable solution for me. Thanks again for your time. On Wed, 29 Oct 2003, Antoine Jacoutot wrote: On Tuesday 28 October 2003 23:52, Steve Lee wrote: I have gotten FreeBSD 5.1 to authenticate user remotely ssh ing to the box. They can log in, but when they log in, the system shows their userid instead of the username when you do a ps. this tells me something might be wrong with nss_ldap. but not sure what i am doing wrong. I can do id username which it returns the user information. You need to build FreeBSD with dynamic libraries... It only works under -CURRENT with the WITH_DYNAMICROOT=true option in your make.conf. I think it is supposed to be the default for 5.2-RELEASE. Antoine ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenLDAP/nss_ldap/pam_ldap
Steve Lee wrote: Sorry for my ignorance, i am new to FreeBSD. i have tried to use it in the past ( 2years ago ) but decided to wait to till the nss_ldap support was added for nsswitch so i can use openldap. Now, when you say rebuild, how would i rebuild FreeBSD dynamically, or are you saying to rebuild the application that were statically linked dynamically ? I just checked the FreeBSD site and do not see any release 5.2 You might do best to sit back and wait a little while and try again. 5.2 is not available yet. I don't know what the current schedule is, exactly, but I'm guessing 3 months or so in the future. To the get the dynamic root capability that Antoine spoke of, you'll need to update your 5.1 FreeBSD to the latest development sources, which can be rather dicey (especially if you're new to FreeBSD). If you want to try it, the docs are here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html If you decide to try upgrading to -CURRENT to try this feature out, don't hesitate to ask this (or the [EMAIL PROTECTED]) list if you have problems, we'll help. After you do the cvsup, but before doing the make steps, you'll need to create a custom /etc/make.conf to tell FreeBSD to build a dynamic root. Just create the file /etc/make.conf and put the line WITH_DYNAMICROOT=true in it (you can also add other build options to /etc/make.conf per the docs). Then run the make steps in the documentation. Hope this helps. On Wed, 29 Oct 2003, Antoine Jacoutot wrote: On Tuesday 28 October 2003 23:52, Steve Lee wrote: I have gotten FreeBSD 5.1 to authenticate user remotely ssh ing to the box. They can log in, but when they log in, the system shows their userid instead of the username when you do a ps. this tells me something might be wrong with nss_ldap. but not sure what i am doing wrong. I can do id username which it returns the user information. You need to build FreeBSD with dynamic libraries... It only works under -CURRENT with the WITH_DYNAMICROOT=true option in your make.conf. I think it is supposed to be the default for 5.2-RELEASE. Antoine -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]