Re: nss_ldap in -CURRENT
> But when I try to change a pass for a LDAP user I get :
> passwd: Sorry, `passwd' can only change passwords for local or NIS
> users.

That's actually strange.

From /usr/src/usr.bin/passwd/passwd.c :

    /* check where the user's from */
    switch (pwd->pw_fields & _PWF_SOURCE) {
    case _PWF_FILES:
        fprintf(stderr, "Changing local password for %s\n", pwd->pw_name);
        break;
    case _PWF_NIS:
        fprintf(stderr, "Changing NIS password for %s\n", pwd->pw_name);
        break;
    default:
        /* XXX: Green men ought to be supported via PAM. */
        errx(1, "Sorry, `passwd' can only change passwords for local or NIS users.");
    }

So it doesn't want to change passwords for non-local users. However, if you take a look at this source file, after these lines come a bunch of PAM calls...

So, is it safe to comment out the errx and recompile passwd ?

--
Thomas Deniau
"Unix is user friendly. It's just selective when choosing friends."
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Fw: Re: nss_ldap in -CURRENT
On Thu, 7 Aug 2003 01:17:47 +0200
Clement Laforet <[EMAIL PROTECTED]> wrote:

> If someone wants to add/correct something.
>
> Begin forwarded message:
>
> Date: Thu, 7 Aug 2003 01:14:50 +0200
> From: Clement Laforet <[EMAIL PROTECTED]>
> To: Kerberus <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: nss_ldap in -CURRENT
>
> 9. configure /etc/nsswitch
^^ => /etc/nsswitch.conf

    -bash-2.05b# cat /etc/nsswitch.conf
    passwd: files ldap
    groups: files ldap
Re: nss_ldap in -CURRENT
On Thu, 7 Aug 2003 00:43:12 +0200
[EMAIL PROTECTED] (Thomas Deniau) wrote:

> Hi !

Hi,

> I'm trying to use nss_ldap, to implement ldap authentication, in
> 5.1-current.
> The LDAP server works perfectly. I've installed the nss_ldap and
> pam_ldap ports, edited /usr/local/etc/ldap.conf, put "passwd: files
> ldap" and "group:files ldap" in /etc/nsswitch.conf.
>
> pam_ldap works perfectly : the auth stage succeeds, but then the login
> fails : I guess that nss_ldap doesn't find my UID.
>
> In fact, when I use getpwent() I don't get LDAP users. So it seems
> that something in nsswitch is not working, but there is no error
> logged...
> When I try to use id, for example, I get "no such user" for LDAP users.
>
> So, how can I know if nss_ldap is loaded and what is causing the error ?
> Has anyone succeeded in using nss_ldap ?
>
> Thank you in advance,

It works perfectly here :)
A simple truss shows you that you need to copy /usr/local/etc/ldap.conf to /etc/ldap.conf.
After that it should work. (that works for me)

regards,
clem
Re: nss_ldap in -CURRENT
> So, is it safe to comment out the errx and recompile passwd ?

OK, if anyone has the same problems : I've commented out the errx,

    cc -lpam -o passwd /usr/src/usr.bin/passwd/passwd.c

Now the passwd works for LDAP too ;)

--
Thomas Deniau
"Unix is user friendly. It's just selective when choosing friends."
Fw: Re: nss_ldap in -CURRENT
If someone wants to add/correct something.

Begin forwarded message:

Date: Thu, 7 Aug 2003 01:14:50 +0200
From: Clement Laforet <[EMAIL PROTECTED]>
To: Kerberus <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: nss_ldap in -CURRENT

On 06 Aug 2003 18:03:30 -0500
Kerberus <[EMAIL PROTECTED]> wrote:

> is there a quick howto somewhere on doing this setup, cause it's killing
> me

1. Get a working -CURRENT system
2. install /usr/ports/net/openldap21
3. install /usr/ports/net/nss_ldap
4. install /usr/ports/security/pam_ldap
5. set up your openldap server, don't forget to include schema/nis.schema
6. fill users using ldif (or get a web frontend)
7. configure your /usr/local/etc/ldap.conf
8. ln -s /usr/local/etc/ldap.conf /etc/ldap.conf
9. configure /etc/nsswitch
10. id to test

troubleshooting :
- if you get an error like this one :

    Entry (uid=test,ou=users,dc=cultdeadsheep,dc=org), attribute 'field' not allowed

  in your /var/log/debug log, you have to add it in the schema (see core.schema)

should be ok now :)

regards,
clem
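A check for steps 8 and 9 of the how-to above, added here as an example and not part of the original thread: it confirms that the passwd and group databases in nsswitch.conf each list ldap, and that the ldap.conf path resolves to a readable file. The function names nss_sources and check_nss_ldap are hypothetical; a database key that is not spelled exactly shows up as a missing entry.

```shell
#!/bin/sh
# Added example (not from the thread): verify steps 8 and 9 of the how-to.
# nss_sources and check_nss_ldap are hypothetical helper names.

# Print the source list configured for database $2 in nsswitch file $1.
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2" '
        { sub(/^[ \t]+/, "") }              # tolerate leading blanks
        index($0, db ":") == 1 {            # exact database name, then ":"
            sub(/^[^:]*:[ \t]*/, "")        # drop "name:" and padding
            gsub(/[ \t]+/, " ")             # normalise separators
            print; exit
        }'
}

# Print one line per problem; return the number of problems (0 = consistent).
check_nss_ldap() {
    nsswitch=$1 ldapconf=$2 problems=0
    if [ ! -r "$nsswitch" ]; then
        echo "cannot read $nsswitch"
        return 1
    fi
    for db in passwd group; do
        sources=$(nss_sources "$nsswitch" "$db")
        case " $sources " in
            "  ")
                echo "$db: no sources configured in $nsswitch"
                problems=$((problems + 1)) ;;
            *" ldap "*)
                : ;;                        # ldap is listed for this database
            *)
                echo "$db: ldap not listed (found: $sources)"
                problems=$((problems + 1)) ;;
        esac
    done
    # Step 8: the path the lookup reads must resolve to a readable file,
    # so a dangling symlink is reported here as well.
    if [ ! -r "$ldapconf" ]; then
        echo "$ldapconf: missing or unreadable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run it as `check_nss_ldap /etc/nsswitch.conf /etc/ldap.conf` before moving on to step 10.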
Re: Fw: Re: nss_ldap in -CURRENT
> 10. id to test

OK, things work up to this step. "su" works too. Thank you ! (the symlink thing was missing)

Now I'm trying to implement password changes. I've put

    password sufficient /usr/local/lib/pam_ldap.so
    password required   pam_unix.so no_warn try_first_pass nullok

in /etc/pam.d/passwd

But when I try to change a pass for a LDAP user I get :

    passwd: Sorry, `passwd' can only change passwords for local or NIS users.

The logs show me that the LDAP query returned the correct value.

Any clue ?

--
Thomas Deniau
"Unix is user friendly. It's just selective when choosing friends."
nss_ldap in -CURRENT
Hi !

I'm trying to use nss_ldap, to implement ldap authentication, in 5.1-current.
The LDAP server works perfectly. I've installed the nss_ldap and pam_ldap ports, edited /usr/local/etc/ldap.conf, put "passwd: files ldap" and "group:files ldap" in /etc/nsswitch.conf.

pam_ldap works perfectly : the auth stage succeeds, but then the login fails : I guess that nss_ldap doesn't find my UID.

In fact, when I use getpwent() I don't get LDAP users. So it seems that something in nsswitch is not working, but there is no error logged...
When I try to use id, for example, I get "no such user" for LDAP users.

So, how can I know if nss_ldap is loaded and what is causing the error ?
Has anyone succeeded in using nss_ldap ?

Thank you in advance,

--
Thomas Deniau