[kde-freebsd] kde/kdm + nsswitch + ldap = nologon

Joe Kraft jvk-list at thekrafts.org
Thu Mar 12 23:06:08 CET 2009

Does anyone use nss_ldap with nsswitch for logins?


Joe Kraft wrote:

> Daniel Eischen wrote:
>> On Sun, 8 Mar 2009, Joe Kraft wrote:
>>> I posted this a couple of days ago to freebsd-questions, but just
>>> realized I might have more luck here...
>>> I'm trying to implement SSO using Samba-3.2.4 with an LDAP backend.  The
>>> intent is to use ldap directly for FBSD clients and Samba for MS Windows
>>> clients.  I'm currently working on the ldap part.
>>> The LDAP server (openldap 2.4.11) is running on a FBSD 6.3 server and is
>>> set up and seems to be working fine; I can log in locally or through SSH
>>> using the ldap accounts.
>>> I'm working on the first client which is a FBSD 7.1 / KDE 3.5.10
>>> machine. I can use ldap to log in on this machine, but I'm having issues
>>> with logging in using kdm.  I can see all the users both from local
>>> files and from ldap, but I can't log in using either.  Even when kdm
>>> won't allow a login, I can <ctrl><alt><F8> and get a normal login shell
>>> and log in with local or ldap accounts.  The ldap lines are included in
>>> my /etc/pam.d/kde file.
>>> If I remove ldap from the nsswitch.conf file it will start working with
>>> local logins on kdm again.
>>> I ran into a bug report from last summer that appears to still be open
>>> with exactly the same issue
>>> (http://www.freebsd.org/cgi/query-pr.cgi?pr=124321).
>> That was my bug report ;-)
>>> Does anyone know a workaround or have a patch for the issue?  I can
>>> provide config files and such if anyone thinks it might help.
>>> Is this something that is already fixed in KDE 4.2, so I've come up with
>>> my excuse to upgrade?
>> I have not found a fix for this, other than working around
>> the problem by using gdm or xdm as mentioned in the original
>> PR.
>> This *should* work out of the box without any problems -
>> the use of LDAP for login is very common, even in smaller
>> organizations.  Doesn't anyone else use kdm with LDAP
>> logins?
>> Are you using i386 or amd64?  I was only able to try amd64.
> I'm using i386.  I get the exact same errors you do.  I figured maybe we
> had both done the same thing wrong, because I was thinking like you that
> LDAP for logins would be relatively common.
> Joe.

