Okay, I have understood that there is some difference between one solution and another. But what I need to do is to pull a user with the UNIX attributes from a 2k3 AD server to a BSD machine. It is already working seamlessly in a CentOS environment. But there is the nsswitch and PAM. My problem is that I have to use the smallest possible amount of space and packages for this to work. For the record, I already have the UNIX SFU installed (I thought I did mention that).
I had the impression that ypldap.conf is equal to the ldap.conf I use in the CentOS environment. Is that not the case? Is ypldap not used to bind against an AD with a user and pull info that is then used to auth against?

======

I don't know if I need to clarify what I want to do, but I will anyway: the existing Active Directory (with SFU) is going to host two types of users, one USER with one password and another USER.root with a different password. Then when I ssh to one server I want to use my USER and, once inside, use kinit USER.root to gain a "root" ticket (afterwards I use ksu to elevate the USER to the local root account). In CentOS I've managed to make this work through editing of /etc/krb5.conf, /etc/openldap/ldap.conf, /etc/ldap.conf, /etc/nsswitch.conf and /etc/pam.d/system-auth. The same applies to all the Debian-based systems.

What I am aiming for is to have the possibility in BSD to just ssh with my USER and then use su(?) to change to my USER.root. The trouble I'm having is that ypldap.conf does not give the functionality I want and login_ldap seems to do nothing. I know the error is with me, so what have I done wrong? Kerberos is working against the AD and I can get tickets, but to be able to have all users in one place I need the AD-to-LDAP connection, and this is where I fail.

Here is a getent passwd from a CentOS host (it is still in testing :P):

    unixUser:*:10001:70000:TEST:/home/bananas:/bin/bash
    UnixUser.root:*:10005:70000:TEST:/home/bananas:/bin/false
    test:*:10006:70000:test:/home/bananas:/bin/bash
    root:x:0:0:root:/root:/bin/bash

I want the same to be the case on the BSD, but I'm stuck at the error: "yp_first: clnt_call: RPC : Timed out". My first thought was that there was something in the DNS/name space that was giving me trouble, but even when I change to the IP of the AD it won't work. I've checked and the Kerberos connection never fails.

// Regards Spixx
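An added example from the editor, not code from the post above or from the OpenBSD project, covering the two pieces the post is missing: a ypldap.conf that maps the SFU 3.x attribute names (msSFU30UidNumber and friends, the schema a pre-R2 Windows 2003 SFU install carries; 2003 R2 and later use the RFC 2307 names uidNumber, gidNumber, unixHomeDirectory and loginShell) onto the passwd and group maps, and a check of the RPC side, because "clnt_call: RPC: Timed out" from a YP client such as getent means ypbind never reached a YP server for the domain, and with ypldap that server is ypldap itself, which registers with portmap as ypserv (program 100004). The DC address, bind account, base DN, YP domain name and the two rpcinfo samples are all constructed for the example.

```shell
#!/bin/sh
# Editor-added example, not from the original post. Assumes OpenBSD-style
# ypldap(8), ypbind(8) and portmap(8), and an AD using the SFU 3.x schema.
# Every value in these variables is a placeholder to replace.

AD_HOST="192.0.2.10"                               # assumed DC address
AD_BINDDN="cn=ypldap,cn=Users,dc=example,dc=com"   # assumed read-only bind account
AD_BINDPW="changeme"                               # sent as a simple bind: low privilege only
AD_BASEDN="dc=example,dc=com"                      # assumed search base
YPDOMAIN="example.com"                             # must equal the host's domainname(1)

# Print a ypldap.conf that maps SFU 3.x attributes onto the passwd/group maps.
# For a 2003 R2 / RFC 2307 schema swap msSFU30Name for sAMAccountName,
# msSFU30UidNumber/msSFU30GidNumber for uidNumber/gidNumber,
# msSFU30HomeDirectory for unixHomeDirectory, msSFU30LoginShell for
# loginShell and msSFU30MemberUid for memberUid.
ypldap_conf_sfu30() {
    cat <<EOF
interval 60
domain "$YPDOMAIN"
provide map "passwd.byname"
provide map "passwd.byuid"
provide map "group.byname"
provide map "group.bygid"

directory "$AD_HOST" {
    binddn "$AD_BINDDN"
    bindcred "$AD_BINDPW"
    basedn "$AD_BASEDN"
    # only accounts that actually carry a UNIX uid, not every AD user
    passwd filter "(&(objectClass=user)(msSFU30UidNumber=*))"
    attribute name maps to "msSFU30Name"
    fixed attribute passwd "*"
    attribute uid maps to "msSFU30UidNumber"
    attribute gid maps to "msSFU30GidNumber"
    attribute gecos maps to "cn"
    attribute home maps to "msSFU30HomeDirectory"
    attribute shell maps to "msSFU30LoginShell"
    fixed attribute change "0"
    fixed attribute expire "0"
    fixed attribute class "default"
    group filter "(&(objectClass=group)(msSFU30GidNumber=*))"
    attribute groupname maps to "msSFU30Name"
    fixed attribute grouppasswd "*"
    attribute groupgid maps to "msSFU30GidNumber"
    list groupmembers maps to "msSFU30MemberUid"
}
EOF
}

# Constructed `rpcinfo -p 127.0.0.1` output: a broken host (portmap and
# ypbind up, no YP server registered) and a working one.
SAMPLE_RPCINFO_BROKEN='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    717  ypbind
    100007    2   tcp    718  ypbind'

SAMPLE_RPCINFO_OK='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    714  ypserv
    100004    2   tcp    715  ypserv
    100007    2   udp    717  ypbind
    100007    2   tcp    718  ypbind'

# Read rpcinfo -p output on stdin and report whether the YP chain is
# registered. ypldap registers as ypserv (program 100004); ypbind is 100007.
# No ypserv registration is the usual reason a YP client reports
# "clnt_call: RPC: Timed out": ypbind has nothing to bind the domain to.
yp_rpc_status() {
    have_pmap=0 have_ypserv=0 have_ypbind=0
    while read -r prog _vers _proto _port _name; do
        case "$prog" in
            100000) have_pmap=1 ;;
            100004) have_ypserv=1 ;;
            100007) have_ypbind=1 ;;
        esac
    done
    rc=0
    [ "$have_pmap" = 1 ]   || { echo "missing: portmapper (100000) - start portmap first"; rc=1; }
    [ "$have_ypserv" = 1 ] || { echo "missing: ypserv (100004) - ypldap not running, or started before portmap"; rc=1; }
    [ "$have_ypbind" = 1 ] || { echo "missing: ypbind (100007) - start ypbind after ypldap"; rc=1; }
    if [ "$rc" = 0 ]; then
        echo "ok: portmap, ypserv (ypldap) and ypbind registered; next check ypwhich, then ypcat passwd"
    fi
    return "$rc"
}

# Demo: print the config, then run the check over both constructed samples.
ypldap_conf_sfu30
echo "--- broken host ---"
printf '%s\n' "$SAMPLE_RPCINFO_BROKEN" | yp_rpc_status || true
echo "--- working host ---"
printf '%s\n' "$SAMPLE_RPCINFO_OK" | yp_rpc_status
```

On a real host the config goes to /etc/ypldap.conf with mode 0600, since bindcred is a plain password that a simple bind also sends over the wire in clear to port 389: give that account read-only rights and nothing else, and use LDAPS where your ypldap supports it. Start portmap, then ypldap, then ypbind, with the host's domainname matching the `domain` line; ypbind looks for a server by broadcast unless /etc/yp/<domainname> lists one, so putting 127.0.0.1 there pins it to the local ypldap. The `+:*::::::::` line in master.passwd and `+:*::` in group are what make the YP lookups happen on OpenBSD. The real check is `rpcinfo -p 127.0.0.1 | yp_rpc_status`, followed by `ypcat passwd`, which should print the same lines the CentOS getent shows.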