From ac8327d8ca3cf51c159862f37b1a1b4eeea8105c Mon Sep 17 00:00:00 2001 From: Benedict Reuschling Date: Sat, 25 Jul 2015 16:21:53 +0000 Subject: [PATCH] The LDAP client configuration part now contains help for users that can not log in because of a missing shell. When shells like bash are on different paths (/bin/bash vs. /usr/local/bin/bash), entries need to be created in /etc/shells and proper symlinks set to make this work. Reviewed by: wblock Approved by: wblock Committed at: Essen FreeBSD Hackathon Differential Revision: https://reviews.freebsd.org/D3194 --- .../articles/ldap-auth/article.xml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/en_US.ISO8859-1/articles/ldap-auth/article.xml b/en_US.ISO8859-1/articles/ldap-auth/article.xml index d523b15b2c..d1957adb4f 100644 --- a/en_US.ISO8859-1/articles/ldap-auth/article.xml +++ b/en_US.ISO8859-1/articles/ldap-auth/article.xml @@ -448,6 +448,34 @@ cn: tuser correctly, then it will allow access. Otherwise it will fail. + Users whose shell is not in + /etc/shells will not be able to log in. + This is particularly important when + Bash is set as the user shell on + the LDAP server. Bash is not + included with a default installation of &os;. When installed + from a package or port, it is located at + /usr/local/bin/bash. Verify that the + path to the shell on the server is set correctly: + + &prompt.user; getent passwd username + + There are two choices when the output shows + /bin/bash in the last column. The first is + to change the user's entry on the LDAP server to + /usr/local/bin/bash. The second option + is to create a symlink on the LDAP client computer so + Bash is found at the correct + location: + + &prompt.root; ln -s /usr/local/bin/bash /bin/bash + + Make sure that /etc/shells contains + entries for both /usr/local/bin/bash and + /bin/bash. The user will then be able to + log in to the system with Bash as + their shell. + PAM
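Review bot: The closing paragraph of the added text ("Make sure that /etc/shells contains entries for both /usr/local/bin/bash and /bin/bash") reads as if it applies to both choices, but the /bin/bash entry only matters when the symlink option is taken. With the first option, where the LDAP entry is changed to /usr/local/bin/bash, only that path needs to be listed. Suggest tying each /etc/shells entry to the option that requires it, and showing the lines to add, as the earlier steps do for "getent passwd username" and "ln -s /usr/local/bin/bash /bin/bash". The symlink paragraph could also say that the link and the matching /etc/shells entry have to be created on every LDAP client that the user logs in to, which is a reason to prefer correcting the shell path once on the server.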