Hi.

I'm trying to set up LDAP user authentication. I use the net/nss_ldap and security/pam_ldap ports to do this. I'm doing this following the article from the documentation set. Though it's not that complete and misses some very important stuff, I've actually set up the LDAP installations and my users are able to successfully authenticate and log in on my servers.

Then I ran into a serious issue. :) When the LDAP server is off/unavailable, users cannot log in - I mean, even the local users.

nsswitch.conf:

group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files
services: files
protocols: files
rpc: files

If I remove ldap - all is fine, of course, besides the fact that this breaks the LDAP authentication. I've read the nsswitch manual and saw that I can handle the unavailable LDAP server with some action flags, but the default action is 'continue' already. I also tried the [notfound=return unavail=return tryagain=return] mantra (it's harmless to try since it's the last backup) but this didn't work either.

sshd crashes with signal 11, crond does the same. Sad.

On a machine running the LDAP server the situation is even funnier: the LDAP server, even having a local account to work under, still tries to query itself on start, making the startup impossible.

Can this situation be solved?
Right now I remove the 'ldap' backend, start slapd, add the ldap backends again and so on.

Thanks.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions