I use nss_ldap-1.239 and nss_ldap-1.244 on 5.4 and 6.0 I have a problem -- login success only if {CRYPT} mechanism used in ldap database. Other services, authenticated in ldap, work fine (pam_ldap, apache auth for example).
My configs: /etc/pam.d/system # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account required pam_login_access.so account required /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user account required pam_unix.so # session session required /usr/local/lib/pam_mkhomedir.so skel=/etc/skel umask=0077 session required pam_lastlog.so no_fail # password password sufficient /usr/local/lib/pam_ldap.so use_authtok password required pam_unix.so no_warn try_first_pass /etc/nsswitch.conf group: ldap files hosts: files dns networks: files passwd: ldap files shells: files imap: ldap /usr/local/etc/ldap.conf uri ldaps://fbsd base ou=users,o=oil-space ldap_version 3 scope one pam_filter objectClass=posixAccount pam_login_attribute uid pam_password md5 nss_base_passwd ou=users,o=oil-space?one nss_base_shadow ou=users,o=oil-space?one nss_base_group ou=groups,o=oil-space?one ssl on tls_cacertfile /usr/local/etc/ssl/cacert.pem uname -rs && ls -l /usr/local/etc/nss_ldap.conf && pkg_info -Ix nss_ldap -x pam_ldap FreeBSD 5.4-STABLE lrwxr-xr-x 1 root wheel 24 Feb 22 16:41 /usr/local/etc/nss_ldap.conf -> /usr/local/etc/ldap.conf nss_ldap-1.244 RFC 2307 NSS module pam_ldap-1.8.0 A pam module for authenticating with LDAP Is somebody have the same problems? WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"