Re: OpenLDAP 2.1.23 and pam
At 12:42 PM 3/9/2004, Frank Thyes wrote:
>Hello,
>I am halfway through migrating some of my test systems to OpenLDAP.
>First, NIS should be replaced with LDAP. The initial configuration
>is done and works just fine. Now I am running out of ideas. The TLS
>auth is working and the given password doesn't cause any problems.
>
># ldapsearch -x -ZZ -D "uid=tester,ou=people,dc=test,dc=de" -W \
>'(uid=tester)'
>Enter LDAP Password:
># extended LDIF
>#
># LDAPv3
># base <> with scope sub
># filter: (uid=tester)
># requesting: ALL
>#
>
># tester, people, test.de
>dn: uid=tester,ou=people,dc=test,dc=de
>objectClass: top
>objectClass: account
>objectClass: posixAccount
>uid: tester
>cn: Test User
>gecos: Test User
>uidNumber: 100
>gidNumber: 100
>homeDirectory: /home/tester
>loginShell: /usr/local/bin/bash
>userPassword:: e0NSWVBUfUkzWUJyRGdFNnRHcWs=
>
># search result
>search: 3
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
Okay, your OpenLDAP configuration seems to work. The rest
isn't about OpenLDAP Software, but about other software
systems (nss_ldap, pam_ldap, etc.) and hence should be
discussed elsewhere.
>On my FreeBSD 5.2 box, nss_ldap and pam_ldap are installed and the
>nsswitch.conf is modified too. The tester (stupid name, I know) is in
>the database and was removed from the local system. Now I have tried
>to log on...
>
># id
>uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
>
># su - tester
>
>$ id
>uid=100(tester) gid=100(testing) groups=100(testing)
>
>Well done... but logon via ssh didn't work.
>
># ssh tester@localhost
>Password:
>Mar 9 21:07:04 nibbler sshd[74146]: error: PAM: authentication error
>Password:
>
>/etc/pam.d/sshd file....
>
># $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
>#
># PAM configuration for the "sshd" service
>#
>
># auth
>#auth required pam_nologin.so no_warn no_fake_prompts
>#auth sufficient pam_opie.so no_warn no_fake_prompts
>#auth requisite pam_opieaccess.so no_warn allow_local
>#auth sufficient pam_krb5.so no_warn try_first_pass
>#auth sufficient pam_ssh.so no_warn try_first_pass
>auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
>auth required pam_unix.so no_warn try_first_pass
>
>
>Could anyone point me in the right direction? Since I decided to
>play with ldap the dark circles around my eyes are deeply black.
Suggest the pam/ldap list at <pamldap@padl.com>.
>Any help would be really great.
>
>Regards
>Frank
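The behaviour of the quoted /etc/pam.d/sshd stack depends on the control flag in front of each module. The following Python script is an added example, not part of this thread and not code from OpenLDAP or the PADL modules: it parses the quoted `auth` lines (embedded here as a constructed string, with one commented line re-enabled in a second constructed stack) and simulates the classic `required`/`requisite`/`sufficient`/`optional` semantics for a given set of per-module outcomes. It is a teaching model only: it ignores return-code subtleties such as PAM_IGNORE, the bracketed `[value=action]` control syntax, and the `no_warn`/`try_first_pass` arguments, which do not affect the stack logic modelled here.

```python
"""Simulate how PAM walks an auth stack such as the sshd one quoted above.

Constructed input: the two active lines from the quoted /etc/pam.d/sshd,
plus a variant with pam_nologin re-enabled to show that a 'sufficient'
success does not override an earlier 'required' failure.
"""

# Constructed sample: the active auth lines from the quoted sshd config.
SSHD_PAM = """\
# auth
#auth required pam_nologin.so no_warn no_fake_prompts
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
"""

# Constructed variant: pam_nologin uncommented ahead of the LDAP module.
SSHD_PAM_NOLOGIN = """\
auth required pam_nologin.so no_warn no_fake_prompts
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
"""

SUPPORTED_CONTROLS = {"required", "requisite", "sufficient", "optional"}


def parse_pam_stack(text):
    """Return a list of (facility, control, module, args) for each active line.

    Blank lines and '#' comments are skipped; the bracketed control syntax
    is rejected because this model does not implement it.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        facility, control, module, args = parts[0], parts[1], parts[2], parts[3:]
        if control not in SUPPORTED_CONTROLS:
            raise ValueError(f"unsupported control flag {control!r} in {raw!r}")
        entries.append((facility, control, module, args))
    return entries


def evaluate_auth(entries, outcomes, facility="auth"):
    """Walk the stack and return True if the facility succeeds overall.

    `outcomes` maps a module path (exactly as written in the config) to
    True (module returned PAM_SUCCESS) or False (any failure). A module
    that is missing from `outcomes` is treated as failing, which is the
    safe assumption for a missing or unloadable module.
    """
    earlier_required_failed = False
    for fac, control, module, _args in entries:
        if fac != facility:
            continue
        ok = outcomes.get(module, False)
        if control == "required":
            # Failure is remembered but the rest of the stack still runs,
            # so an attacker cannot tell which required module rejected.
            if not ok:
                earlier_required_failed = True
        elif control == "requisite":
            # Failure terminates the stack immediately.
            if not ok:
                return False
        elif control == "sufficient":
            # Success ends the stack successfully, unless a required
            # module earlier in the stack already failed.
            if ok and not earlier_required_failed:
                return True
        elif control == "optional":
            # Only matters if it is the sole module; ignored here.
            pass
    return not earlier_required_failed


LDAP = "/usr/local/lib/pam_ldap.so"
UNIX = "pam_unix.so"
NOLOGIN = "pam_nologin.so"


def scenarios():
    """Evaluate the quoted stack under a few per-module outcomes."""
    stack = parse_pam_stack(SSHD_PAM)
    stack_nologin = parse_pam_stack(SSHD_PAM_NOLOGIN)
    return {
        "ldap_ok": evaluate_auth(stack, {LDAP: True}),
        "ldap_fails_unix_ok": evaluate_auth(stack, {LDAP: False, UNIX: True}),
        "both_fail": evaluate_auth(stack, {LDAP: False, UNIX: False}),
        "nologin_fails_ldap_ok": evaluate_auth(
            stack_nologin, {NOLOGIN: False, LDAP: True, UNIX: True}
        ),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {'success' if result else 'failure'}")
```

Running the script shows the two properties that matter when reading a stack like the quoted one: with `pam_ldap` marked `sufficient`, a failing LDAP bind still falls through to `pam_unix`, so a user who exists only in LDAP (as `tester` does here, having been removed locally) fails authentication exactly when `pam_ldap` itself returns a failure; and a `sufficient` success never rescues a stack in which an earlier `required` module has already failed.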