
Re: problems with OpenLDAP (Debian and FreeBSD)



On Thu, 31 Jul 2003, Matthias Fechner wrote:

> Hi,
>
> I have here a FreeBSD server (5.1) with OpenLDAP 2.2.0.a_2 running.
> What I want to do is manage my user accounts with LDAP.
> For this I have created a directory with LDAP and created a user:
> ---
> dn: uid=test, ou=people,dc=fechner, dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> uid: test
> cn: Lester the Nightfly
> userPassword: {crypt}test
> gecos: Test
> loginShell: /bin/csh
> uidNumber: 10000
> gidNumber: 10000
> homeDirectory: /home/idefix
> ---
>
> The password is test and I am using crypt as the hash algorithm.
> This seems to work fine, I can log in with Debian.
> But I cannot log in from FreeBSD. Though I tried to change it to md5.
>
> I changed the password to md5 and if I try to log in it will not work.
> From Debian->FreeBSD I get the following logfile:
> ---
> conn=38 fd=22 ACCEPT from IP=192.168.0.151:33436 (IP=0.0.0.0:389)
> conn=38 op=0 BIND dn="" method=128
> conn=38 op=0 RESULT tag=97 err=0 text=
> conn=38 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2
> filter="(&(objectClass=posixAccount)(uid=test))"
> conn=38 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> conn=38 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=38 op=2 SRCH base="ou=People,dc=fechner,dc=net" scope=2
> filter="(&(objectClass=posixAccount)(uid=test))"
> conn=38 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> conn=38 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=38 op=3 SRCH base="dc=fechner,dc=net" scope=2
> filter="(&(objectClass=shadowAccount)(uid=test))"
> conn=38 op=3 SRCH attr=uid userPassword shadowLastChange shadowMax
> shadowMin shadowWarning shadowInactive shadowExpire
> conn=38 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=38 fd=22 closed
> ---
>
> If I try it from FreeBSD->FreeBSD I get the following logfile:
> ---
> conn=40 fd=23 ACCEPT from IP=192.168.0.251:52590 (IP=0.0.0.0:389)
> conn=40 op=0 BIND dn="" method=128
> conn=40 op=0 RESULT tag=97 err=0 text=
> conn=40 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2
> filter="(&(objectClass=posixAccount)(uid=test))"
> conn=40 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net" method=128
> conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net"
> mech=simple ssf=0
> conn=40 op=2 RESULT tag=97 err=0 text=
> conn=40 op=3 BIND anonymous mech=implicit ssf=0
> conn=40 op=3 BIND dn="" method=128
> conn=40 op=3 RESULT tag=97 err=0 text=
> conn=40 fd=23 closed
> ---
>
> To use ldap under Freebsd i have installed the pam_ldap-1.6.4 and
> pam_ldap-1.6.4.

You mean nss_ldap on the second one, correct?

> Then I have added, in some files under /etc/pam.d like login, su, sshd,
> the following line as first entry:
> auth            sufficient      /usr/local/lib/pam_ldap.so
>
> Then I have configured the file ldap.conf:
> host 192.168.0.251
> base dc=fechner,dc=net
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> nss_base_passwd ou=People,dc=fechner,dc=net
> nss_base_shadow ou=People,dc=fechner,dc=net
>
> But all that I have tried will not work.
> What is wrong in my configuration?
>
> Thanks for an answer.
>
> --
> Best regards
> Matthias
>


I just got pam_ldap and nss_ldap working on a FreeBSD 5.1 machine, so I
will take a look at my debug output and config and compare it to yours and
see if I can help.  It will have to be this weekend, though.
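The two slapd traces quoted above differ in a way worth spelling out for anyone checking an LDAP login path. On conn=38 the client binds anonymously (dn=""), requests userPassword in its searches and never binds as the user, so any password comparison in that flow happens on the client, from attributes returned to an anonymous search; that is worth checking against the server's access rules. On conn=40 the client searches, then performs a simple bind as uid=test (RESULT err=0) and rebinds anonymously, which is the flow where the server itself verifies the password. The Python below is an added example, written for this page and not part of the thread or of pam_ldap/nss_ldap: it parses slapd stats-level log lines in the format quoted above, re-joins lines the mail client wrapped, tracks each connection's bind state, and flags searches that request userPassword over an anonymous connection. The sample log is the thread's own text with the duplicated op=2 search on conn=38 omitted; the Connection fields, function names and regular expressions are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the slapd traces quoted in the thread, kept verbatim
# (including mail wrapping) except that the duplicate op=2 search on conn=38 is omitted.
SAMPLE_LOG = """\
conn=38 fd=22 ACCEPT from IP=192.168.0.151:33436 (IP=0.0.0.0:389)
conn=38 op=0 BIND dn="" method=128
conn=38 op=0 RESULT tag=97 err=0 text=
conn=38 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2
filter="(&(objectClass=posixAccount)(uid=test))"
conn=38 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass
conn=38 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=38 op=3 SRCH base="dc=fechner,dc=net" scope=2
filter="(&(objectClass=shadowAccount)(uid=test))"
conn=38 op=3 SRCH attr=uid userPassword shadowLastChange shadowMax
shadowMin shadowWarning shadowInactive shadowExpire
conn=38 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=38 fd=22 closed
conn=40 fd=23 ACCEPT from IP=192.168.0.251:52590 (IP=0.0.0.0:389)
conn=40 op=0 BIND dn="" method=128
conn=40 op=0 RESULT tag=97 err=0 text=
conn=40 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2
filter="(&(objectClass=posixAccount)(uid=test))"
conn=40 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net" method=128
conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net"
mech=simple ssf=0
conn=40 op=2 RESULT tag=97 err=0 text=
conn=40 op=3 BIND anonymous mech=implicit ssf=0
conn=40 op=3 BIND dn="" method=128
conn=40 op=3 RESULT tag=97 err=0 text=
conn=40 fd=23 closed
"""

LINE_RE = re.compile(r'^conn=(?P<conn>\d+) (?:fd=\d+ )?(?:op=(?P<op>\d+) )?(?P<rest>.*)$')
ACCEPT_RE = re.compile(r'^ACCEPT from IP=(?P<peer>[\d.]+):\d+')
BIND_DN_RE = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
BIND_RESULT_RE = re.compile(r'^RESULT tag=97 err=(?P<err>\d+)')   # tag 97 = bindResponse
SRCH_ATTR_RE = re.compile(r'^SRCH attr=(?P<attrs>.*)$')

@dataclass
class Connection:
    conn: int
    peer: str = ""
    bound_as: str = ""                                 # "" = anonymous, the state after ACCEPT
    pending_bind: dict = field(default_factory=dict)   # op -> DN of a BIND awaiting its RESULT
    user_binds: list = field(default_factory=list)     # (dn, err) for every non-anonymous bind
    findings: list = field(default_factory=list)

def unwrap(text):
    """Re-join wrapped lines: a line not starting with 'conn=' continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("conn=") or not lines:
            lines.append(raw.strip())
        else:
            lines[-1] += " " + raw.strip()
    return lines

def parse_slapd_log(text):
    conns = {}
    for line in unwrap(text):
        m = LINE_RE.match(line)
        if not m:
            continue
        c = conns.setdefault(int(m["conn"]), Connection(int(m["conn"])))
        op, rest = m["op"], m["rest"]
        if (a := ACCEPT_RE.match(rest)):
            c.peer = a["peer"]
        elif op is not None and (b := BIND_DN_RE.match(rest)):
            c.pending_bind[op] = b["dn"]          # the mech=simple line repeats the DN; harmless
        elif op in c.pending_bind and (r := BIND_RESULT_RE.match(rest)):
            dn, err = c.pending_bind.pop(op), int(r["err"])
            if dn:
                c.user_binds.append((dn, err))    # err=49 would be invalidCredentials
            if err == 0:
                c.bound_as = dn                   # only a successful bind changes the identity
        elif (s := SRCH_ATTR_RE.match(rest)):
            if "userPassword" in s["attrs"].split() and c.bound_as == "":
                c.findings.append(f"op={op}: userPassword requested on an anonymous connection")
    return conns

def summarize(conns):
    """One row per connection: did the client ever authenticate as a user DN, and what was flagged."""
    rows = []
    for c in sorted(conns.values(), key=lambda c: c.conn):
        rows.append({
            "conn": c.conn,
            "peer": c.peer,
            "user_bind_ok": any(err == 0 for _, err in c.user_binds),
            "failed_user_binds": [(dn, err) for dn, err in c.user_binds if err != 0],
            "findings": list(c.findings),
        })
    return rows

if __name__ == "__main__":
    for row in summarize(parse_slapd_log(SAMPLE_LOG)):
        print(row)
```

Run against the sample, conn=38 is reported with no user bind and two anonymous userPassword requests, while conn=40 shows a successful bind as uid=test and nothing flagged. Pointed at a real slapd log (loglevel stats), the same check separates clients that let the server verify the password from clients that pull hashes over an anonymous session.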