On Wed, 24 May 2006 07:40:37 -0700 "Atom Powers" <[EMAIL PROTECTED]> wrote:
> On 5/24/06, Jason Lixfeld <[EMAIL PROTECTED]> wrote:
> > On 23-May-06, at 8:48 PM, Atom Powers wrote:
> >
> > I have no all.log currently. The only thing showing up in messages though is:
> >
>
> You have to enable all.log in syslog.conf, and then "touch /var/log/all.log". I always turn this on because it can catch messages that are not configured to go to another log file, and sometimes it's nice to have all your logs in one place. But if you have a noisy service it can fill your file system.
>
> > May 23 18:48:00 ricky slapd[7745]: nss_ldap: could not search LDAP server - Server is unavailable
> >
> > That error seems to creep up only when I restart slapd though.
> >
> > >>
> > >> I searched through the bugs and it seems there is a bug in nss_ldap with regards to getpwuid, but that seems to be more of an indicator about why finger doesn't work, not why ssh doesn't work
> > >>
> > >> # id testuser seems to work, finger doesn't. Curious.
> > >> Anyway, it still appears as though at least some portions of the system are using LDAP, which is good.
> > >> $ id testuser
> > >> uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
> > >> $ finger testuser
> > >> finger: testuser: no such user
> > >> $
> > >
> > > id works because it's using the name service to look up the user (you added ldap to your nsswitch.conf, right?)
> > >
> > > finger doesn't work because you don't have a /etc/pam.d/finger file. Either create one or add pam_ldap to your /etc/pam.d/system file. (I always create a new conf file for my ldap enabled apps)
>
> On reflection I may be way off base with this. finger doesn't run *as* another user, and you don't log into finger. So it shouldn't need a pam.d file.
>
> Finger doesn't work for ldap accounts on my systems.
>
> > Interesting. Finger *did* work during some of my first attempts at getting this working. I changed something (I don't recall what) and then finger stopped working.
> >
> > This seems to all work now with built-in ssh. How strange.
> >
> > Now, I seem to have hit another snag and a bug (Both of which I remember reading about this in my travels:)
> >
> > $id testuser
> > id: testuser: no such user
> > # sudo su
> > Password:
> > # id testuser
> > uid=2000(testuser) gid=2000(testuser) groups=2000(testuser)
> > # cd ~testuser
> > # pwd
> > /usr/home/testuser
> > #ssh [EMAIL PROTECTED]
> > %id testuser
> > id: testuser: no such user
> > %pwd
> > /usr/home/testuser
> > %ls -al
> > Assertion failed: (cfg->ldc_uris[__session.ls_current_uri] != NULL), function do_init, file ldap-nss.c, line 1193.
> > Abort (core dumped)
> > %
> >
>
> I don't seem to have this problem:
>
> [EMAIL PROTECTED]:~$finger apowers
> finger: apowers: no such user
> [EMAIL PROTECTED]:~$id apowers
> uid=1133(apowers) gid=1133(apowers) groups=1133(apowers), 0(wheel)
> [EMAIL PROTECTED]:~$ssh localhost
> Password:
>
> FreeBSD 6.1-RELEASE (SMP) #0: Sun May 7 04:42:56 UTC 2006
> [EMAIL PROTECTED]:~$id apowers
> uid=1133(apowers) gid=1133(apowers) groups=1133(apowers), 0(wheel)
> [EMAIL PROTECTED]:~$pwd
> /home/apowers
> [EMAIL PROTECTED]:~$ls -al
> total 53216
> <snip>
>
> What does your nsswitch.conf look like?
> I have:
> #nsswitch.conf
> group: files ldap
> hosts: files dns
> networks: files
> passwd: files ldap
> shells: files

On this note you may want to do something like this. I found this helps things along nicer at startup.

group: files [success=return notfound=continue unavail=continue tryagain=continue] ldap
passwd: files [success=return notfound=continue unavail=continue tryagain=continue] ldap

I thought that was the default, but startup goes a bit quicker with it like that.
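An added example, not part of the original thread: a small Python model of how nsswitch.conf criteria are evaluated, comparing the explicit `passwd:` line from the reply with plain `files ldap` under the defaults documented in nsswitch.conf(5). The function names and the per-source status dictionaries are constructed for illustration; this models dispatch order only and does not call the real resolver.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Defaults per nsswitch.conf(5): return on success, continue on anything else.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_entry(line):
    """Parse 'db: src [status=action ...] src ...' into (db, [(src, criteria)])."""
    db, _, rest = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if token.startswith("["):
            if not chain:
                raise ValueError("criteria must follow a source")
            for pair in token[1:-1].split():
                status, _, action = pair.lower().partition("=")
                if status not in STATUSES or action not in ("return", "continue"):
                    raise ValueError(f"bad criterion: {pair!r}")
                chain[-1][1][status] = action  # override default for that source
        else:
            chain.append((token, dict(DEFAULTS)))
    return db.strip(), chain

def resolve(chain, status_of):
    """Walk the chain for one lookup; status_of maps source -> status.
    Returns (answering source or None, final status, sources consulted)."""
    consulted, status, answer = [], "notfound", None
    for source, criteria in chain:
        status = status_of[source]
        consulted.append(source)
        answer = source if status == "success" else None
        if criteria[status] == "return":
            break
    return answer, status, consulted

# The two forms from the thread, embedded here as constructed strings.
IMPLICIT = "passwd: files ldap"
EXPLICIT = ("passwd: files [success=return notfound=continue "
            "unavail=continue tryagain=continue] ldap")

def same_behaviour():
    """True if both lines route every combination of statuses identically."""
    a, b = parse_entry(IMPLICIT)[1], parse_entry(EXPLICIT)[1]
    return all(resolve(a, {"files": f, "ldap": l}) == resolve(b, {"files": f, "ldap": l})
               for f in STATUSES for l in STATUSES)
```

With either line, an account present in the local files is answered without consulting LDAP, while an LDAP-only account falls through to `ldap` and fails when that source reports `unavail`, as in the slapd restart message quoted above.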