[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1.23 and pam

At 12:42 PM 3/9/2004, Frank Thyes wrote:

>I am on the half way to migrate some of my testsystems to OpenLDAP.
>At first NIS should be replaced with ldap. The initial configuration
>is done and works just fine. Now I am running out of ideas. The TLS
>auth is working and the given password doesnt make any problems.
># ldapsearch -x -ZZ -D "uid=tester,ou=people,dc=test,dc=de" -W \
>Enter LDAP Password:
># extended LDIF
># LDAPv3
># base <> with scope sub
># filter: (uid=tester)
># requesting: ALL
># tester, people, test.de
>dn: uid=tester,ou=people,dc=test,dc=de
>objectClass: top
>objectClass: account
>objectClass: posixAccount
>uid: tester
>cn: Test User
>gecos: Test User
>uidNumber: 100
>gidNumber: 100
>homeDirectory: /home/tester
>loginShell: /usr/local/bin/bash
>userPassword:: e0NSWVBUfUkzWUJyRGdFNnRHcWs=
># search result
>search: 3
>result: 0 Success
># numResponses: 2
># numEntries: 1

Okay, your OpenLDAP configuration seems to work.  The rest
isn't about OpenLDAP Software, but about other software
systems (nss_ldap, pam_ldap, etc.) and hence should be
discussed elsewhere.

>On my FreeBSD 5.2 box is nss_ldap and pam_ldap installed, the
>nsswitch.conf is modified too. The tester (stupid name I know) is in
>the database and was removed from the local system. Now I have tried
>to logon...
># id
>uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
># su - tester
>$ id
>uid=100(tester) gid=100(testing) groups=100(testing)
>Well done... but logon via ssh didnt work.
># ssh tester@localhost
>Mar  9 21:07:04 nibbler sshd[74146]: error: PAM: authentication          
>/etc/pam.d/sshd file....
># $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp
># $
># PAM configuration for the "sshd" service
># auth
>#auth     required     pam_nologin.so   no_warn no_fake_prompts
>#auth     sufficient   pam_opie.so      no_warn no_fake_prompts
>#auth     requisite    pam_opieaccess.so       no_warn allow_local
>#auth     sufficient   pam_krb5.so     no_warn try_first_pass
>#auth     sufficient   pam_ssh.so      no_warn try_first_pass
>auth      sufficient   /usr/local/lib/pam_ldap.so no_warn
>auth      required     pam_unix.so     no_warn try_first_pass
>Could anyone point me in the right direction? Since I decided to
>play with ldap the dark circles around my eyes are deeply black. 

Suggest the pam/ldap list at <pamldap@padl.com>.

>Any help would be really great.