Hi, I've got a server running 5.21. Last build/install world was about 6 weeks ago. Last 'portupgrade -a -R -r' was yesterday.
I'm been struggling to get Samba 3.05 installed and playing nicely via LDAP. I think I've finally managed to get everything working properly as far as Samba is concerned, however I have one problem and one question. My problem is that users who *only* exist in the LDAP database can't seem to SSH into the box. Also, not only must users exist in /etc/passwd to successfully SSH into the box but the order in while "files" and "ldap" are listed in /etc/nsswitch.conf makes a difference, too. "Files" must be placed before "ldap" in /etc/nsswitch.conf for users to successfully SSH into the box. I don't understand why this is since the test account in question has the same information in both LDAP and /etc/passwd (and the same password, etc). Other services such as POP3 and SMTP work just fine with users only in LDAP. I suspect it's my /etc/pam.d/sshd configuration. That file looks like this: # # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $ # # PAM configuration for the "sshd" service # # auth auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass debug auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass # account account required pam_login_access.so account required pam_unix.so # session session required pam_permit.so # password password required pam_unix.so no_warn try_first_pass Does anyone see anything in this file that would cause the behavior I'm experiencing? Lastly, my final general question is about FreeBSD's implementation of /etc/nsswitch.conf. I don't see support for shadow passwords. Should a FreeBSD box's /etc/nsswitch.conf file make any type of reference to shadow passwords? TIA, --Sean. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
