Re: nss_ldap on FreeBSD 5.3
On Mon, 2005-11-21 at 13:05 -0500, Nathan Vidican wrote: > Two things to check, first off, user must be in group 'wheel' (gid 0), in > order > to su, and also check settings in "/etc/pam.d/su", (su has seperate settings). > wheel, duh! sorry for asking such stupid questions. I hope this one is not so stupid - how can I get the users to show up on the user list in the gdm when using a template that shows a list of all users? I have /etc/pam.d/gdm all setup and can login no problem with LDAP users. Actually, this list does not even populate with the system users. BTW, after several years working with FreeBSD as a server, this is the first time using FreeBSD as a workstation with GUI, very nice. I think better than my Linux workstation as far as the number of bugs (haven't found any yet). But I'll have to admit, the setup for things like LDAP much easier in SuSE Linux, all integrated into GUI. But I choose stability over ease of use. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: nss_ldap on FreeBSD 5.3
Two things to check, first off, user must be in group 'wheel' (gid 0), in order to su, and also check settings in "/etc/pam.d/su", (su has seperate settings). -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate & Tool Ltd. http://www.wmptl.com/ Robert Fitzpatrick wrote: On Mon, 2005-11-21 at 10:49 -0500, Nathan Vidican wrote: Robert Fitzpatrick wrote: I find several docs on setting this up, but none pertaining to linux compat. Can anyone point me to some instructions for setting this up properly? Um... actually VERY easy... Step 1: install nss_ldap & pam_ldap 2:edit /usr/local/etc/nss_ldap.conf edit /usr/local/etc/ldap.conf edit /usr/local/etc/ldap.secret 3: edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', and 'passwd' (optionally) 'hosts' too. 4: do a quick 'ldapsearch -x' to make sure you are connecting/searching the correct ldap tree... 5: edit /etc/pam.d/ file(s) for which types of accounts you want to authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a line like: authsufficient /usr/local/lib/pam_ldap.so try_first_pass Thanks, that was easy, I was just missing the part about nss_ldap.conf, I didn't realize there was a separate file for nss. I have the logins working with gnome well, but I noticed once I login as an LDAP user, I cannot su to root in terminal session... [EMAIL PROTECTED] su Password: su: Sorry [EMAIL PROTECTED] Can someone point out why this happens? -- Robert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: nss_ldap on FreeBSD 5.3
On Mon, 2005-11-21 at 10:49 -0500, Nathan Vidican wrote: > Robert Fitzpatrick wrote: > > I find several docs on setting this up, but none pertaining to linux > > compat. Can anyone point me to some instructions for setting this up > > properly? > Um... actually VERY easy... > > Step 1: install nss_ldap & pam_ldap > 2:edit /usr/local/etc/nss_ldap.conf > edit /usr/local/etc/ldap.conf > edit /usr/local/etc/ldap.secret > 3: edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for > 'group', > and 'passwd' (optionally) 'hosts' too. > 4: do a quick 'ldapsearch -x' to make sure you are connecting/searching > the > correct ldap tree... > 5: edit /etc/pam.d/ file(s) for which types of accounts you > want to > authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a > line like: > > authsufficient /usr/local/lib/pam_ldap.so try_first_pass > Thanks, that was easy, I was just missing the part about nss_ldap.conf, I didn't realize there was a separate file for nss. I have the logins working with gnome well, but I noticed once I login as an LDAP user, I cannot su to root in terminal session... [EMAIL PROTECTED] su Password: su: Sorry [EMAIL PROTECTED] Can someone point out why this happens? -- Robert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: nss_ldap on FreeBSD 5.3
Robert Fitzpatrick wrote: I find several docs on setting this up, but none pertaining to linux compat. Can anyone point me to some instructions for setting this up properly? -- Robert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Um... actually VERY easy... Step 1: install nss_ldap & pam_ldap 2:edit /usr/local/etc/nss_ldap.conf edit /usr/local/etc/ldap.conf edit /usr/local/etc/ldap.secret 3: edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', and 'passwd' (optionally) 'hosts' too. 4: do a quick 'ldapsearch -x' to make sure you are connecting/searching the correct ldap tree... 5: edit /etc/pam.d/ file(s) for which types of accounts you want to authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a line like: authsufficient /usr/local/lib/pam_ldap.so try_first_pass That should be it. Assuming your librairies are up to date, you have a valid db/tree in ldap you can connect and search... then you should be able to login right away. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate & Tool Ltd. http://www.wmptl.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
nss_ldap on FreeBSD 5.3
I find several docs on setting this up, but none pertaining to linux compat. Can anyone point me to some instructions for setting this up properly? -- Robert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"