[kde-freebsd] kde/kdm + nsswitch + ldap = nologon
jvk-list at thekrafts.org
Thu Mar 12 23:06:08 CET 2009
Does anyone use nss_ldap with nsswitch for logins?
Joe Kraft wrote:
> Daniel Eischen wrote:
>> On Sun, 8 Mar 2009, Joe Kraft wrote:
>>> I posted this a couple of days ago to freebsd-quesions, but just
>>> realized I might have more luck here...
>>> I'm trying to implement SSO using Samba-3.2.4 with an LDAP backend. The
>>> intent is to use ldap directly for FBSD clients and Samba for MS Windows
>>> clients. I'm currently working on the ldap part
>>> The LDAP server (openldap 2.4.11) is running on a FBSD 6.3 server and is
>>> setup and seems to be working fine, I can log in locally or through SSH
>>> using the ldap accounts.
>>> I'm working on the first client which is a FBSD 7.1 / KDE 3.5.10
>>> machine. I can use ldap to login on this machine, but I'm having issues
>>> with logging in using kdm. I can see all the users both from local
>>> files and from ldap, but I can't log in using either. Even when kdm
>>> won't allow a login, I can <ctrl><alt><F8> and get a normal login shell
>>> and login with local or ldap accounts. The ldap lines are included in
>>> my /etc/pam.d/kde file.
>>> If I remove ldap from the nsswitch.conf file it will start working with
>>> local logins on kdm again.
>>> I ran into a bug report from last summer that appears to still be open
>>> with exactly the same issue
>> That was my bug report ;-)
>>> Does anyone know a workaround or have a patch for the issue? I can
>>> provide config files and such if anyone thinks it might help.
>>> Is this something that is already fixed in KDE 4.2, so I've come up with
>>> my excuse to upgrade?
>> I have not found a fix for this, other than working around
>> the problem by using gdm or xdm as mentioned in the original
>> This *should* work out of the box without any problems -
>> the use of LDAP for login is very common, even in smaller
>> organizations. Doesn't anyone else use kdm with LDAP
>> Are you using i386 or amd64? I was only able to try amd64.
> I'm using i386. I get the exact same errors you do. I figured maybe we
> had both done the same thing wrong, because I was thinking like you that
> LDAP for logins would be relatively common.
More information about the kde-freebsd