Index: en_US.ISO8859-1/articles/ldap-auth/article.xml
===================================================================
--- en_US.ISO8859-1/articles/ldap-auth/article.xml
+++ en_US.ISO8859-1/articles/ldap-auth/article.xml
@@ -448,6 +448,34 @@
correctly, then it will allow access. Otherwise it will
fail.
+ Users whose shell is not in
+ /etc/shells will not be able to log in.
+ This is particularly important when
+ Bash is set as the user shell on
+ the LDAP server. Bash is not
+ included with a default installation of &os;. When installed
+ from a package or port, it is located at
+ /usr/local/bin/bash. Verify that the
+ path to the shell on the server is set correctly:
+
+ &prompt.user; getent passwd username
+
+ There are two choices when the output shows
+ /bin/bash in the last column. The first is
+ to change the user's entry on the LDAP server to
+ /usr/local/bin/bash. The second option
+ is to create a symlink on the LDAP client computer so
+ Bash is found at the correct
+ location:
+
+ &prompt.root; ln -s /usr/local/bin/bash /bin/bash
+
+ Make sure that /etc/shells contains
+ entries for both /usr/local/bin/bash and
+ /bin/bash. The user will then be able to
+ log in to the system with Bash as
+ their shell.
+
PAM
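Review bot: The closing paragraph ("Make sure that /etc/shells contains entries for both /usr/local/bin/bash and /bin/bash") reads as if it applies to both choices, but the /bin/bash entry is only needed when the symlink option is taken. If the LDAP entry is changed to /usr/local/bin/bash, only that path has to be listed. Suggest splitting the sentence so each option names the /etc/shells entry it requires, which also avoids telling administrators to list a shell path that does not exist on the client. It would also help to say that the symlink has to be created on every LDAP client, whereas changing the entry on the server is a single change. Finally, "username" in the getent line is a placeholder and should be marked up as replaceable text if it is not already.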