Right, basically this is doing what I thought - just checking passwords in AD without looking up user info, so the accounts need to exist on the bsd server (that may become a real pain in the arse, by the way).
couple of quick checks; 1) the ldap.conf referred to should be /usr/local/etc/ldap.conf *NOT* /etc/openldap/ldap.conf 2) can you log onto the console as these users? If you're sshing you may need to edit /etc/pam.d/sshd, and not login. 3) what's in your logs? If you have the 'debug' flag on, something will be getting written to - check /var/log/secure and /var/log/messages * Bret Walker <[EMAIL PROTECTED]> [1043 13:43]: > It is here: http://www.netsys.com/pamldap/2002/04/msg00074.html > > Thanks, > Bret > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dick Davies > Sent: Friday, October 01, 2004 4:31 AM > To: Bret Walker > Cc: FreeBSD Questions > Subject: Re: Pam_ldap > > > * Bret Walker <[EMAIL PROTECTED]> [1028 00:28]: > > I've been trying all day to get pam_ldap to authenticate an ssh > > session against Active Directory. I thought that I had found the > > perfect HOWTO > > (read: one that didn't require nss_ldap), but its instructions didn't > seem > > to get it working on my system. > > > > I've read that can authenticate to AD with pam_ldap alone, and I've > > read that you can't, as well. Does anyone have any experience doing > > this w/o nss_ldap. I'm running 4.10, and I don't think it has support > > for nss_ldap. > > > > If anyone has any advice, I'd love to hear it. > > You're not going to need nss_ldap if you just want to validate a password. > But it sounds a bit odd to have existing users in /etc/passwd and only > have the password itself from AD - and if the users don't exist in > /etc/passwd the system won't be able to log them in. > > What was the howto you used? -- Yeah, life is hilariously cruel. - Bender Rasputin :: Jack of All Trades - Master of Nuns _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
