Hello, I'm trying to set up LDAP for authenticating users.
I think that the LDAP server is OK,
but ssh gives me the error "PAM authentication error, illegal user XXX from
XXX.XXX.XXX.XXX".
I think that something is wrong when pam_ldap is querying LDAP.
First I thought that it was an ACL problem, so I tried something like this:
access * by * write
(full access to all), but nothing changed.
When I'm using phpLDAPadmin to connect to LDAP I have no problem.
My ldap.conf:
base dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
binddn cn=manager,dc=something,dc=something,dc=something
bindpw password(uncrypted)
scope sub
pam_filter objectclass=possixAccount
pam_login_attribute uid
pam_check_host_attr yes
pam_check_service_attr no
nss_base_passwd ou=users,dc=something,dc=something,dc=something?sub
nss_base_shadow ou=users,dc=something,dc=something,dc=something?sub
nss_base_group ou=groups,dc=something,dc=something,dc=something?sub
I have tried this too, but still nothing:
base dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
binddn cn=manager,dc=something,dc=something,dc=something
bindpw password(uncrypted)
scope sub
pam_filter objectclass=possixAccount
pam_login_attribute uid
nss_base_passwd ou=users,dc=something,dc=something,dc=something?sub
nss_base_shadow ou=users,dc=something,dc=something,dc=something?sub
nss_base_group ou=groups,dc=something,dc=something,dc=something?sub
My nss_ldap.conf:
base ou=users,dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
My slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/sendmail.schema
include /usr/local/etc/openldap/schema/pureftpd.schema
include /usr/local/etc/openldap/schema/radius.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel -256
sizelimit 1000
lastmod on
modulepath /usr/local/libexec/openldap
moduleload back_bdb
access to *
by self write
by dn="cn=Manager,dc=something,dc=something,dc=something" write
by users read
by anonymous auth
access to attr=userPassword
by dn="cn=Manager,dc=something,dc=something,dc=something" write
by anonymous auth
by self write
by * none
database bdb
suffix "dc=something,dc=something,dc=something"
rootdn "cn=Manager,dc=something,dc=something,dc=something"
rootpw {CRYPT}PASSWORD.
directory /var/db/openldap-data
TLSVerifyClient demand
TLSCertificateFile /etc/certs/cert.crt
TLSCertificateKeyFile /etc/certs/cert.key
TLSCACertificateFile /etc/certs/cert.crt
TLSCipherSuite HIGH:MEDIUM:+SSLv2
index objectClass eq
index uid eq,pres
index cn eq,pres
index mail eq,pres
index ou eq,pres,sub
index uidnumber eq,pres
index gidnumber eq,pres
My pam.d/ssh:
auth sufficient pam_opie.so no_warn
no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn
try_first_pass
# account
account required pam_nologin.so no_warn
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn
ignore_authinfo_unavail ignore_unknown_user
# session
session required pam_permit.so
# password
password required pam_unix.so no_warn
try_first_pass
And my ldap.log output:
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from
IP=127.0.0.1:51667 (IP=0.0.0.0:389)
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND
dn="cn=manager,dc=something,dc=something,dc=something" method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND
dn="cn=manager,dc=something,dc=something,dc=something" mech=SIMPLE ssf=0
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text=
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH
base="ou=users,dc=something,dc=something,dc=something" scope=2 deref=0
filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=value does not conform to assertion syntax
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost)
If you could help me I would be grateful.