After much banging my head against the desk, I have it kinda working...
I can su - to a user (from root) and get home directory... but... and I have tried PLAIN, CRYPT, and SSHA passwords...
I cannot login, su - (when prompted for password), ssh in...
Here are some of the conf files:
east# more /usr/local/etc/pam_ldap/ssh.conf
host 127.0.0.1
port 389
base dc=all,dc=net
ldap_version 3
ssl off
tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
tls_checkpeer no
pam_login_attribute uid

east# cat /etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
# auth
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass config=/usr/local/etc/pam_ldap/ssh.conf
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
#account required pam_krb5.so
account sufficient /usr/local/lib/pam_ldap.so config=/usr/local/etc/pam_ldap/ssh.conf
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session sufficient /usr/local/lib/pam_ldap.so config=/usr/local/etc/pam_ldap/ssh.conf
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_ldap.so config=/usr/local/etc/pam_ldap/ssh.conf
password required pam_unix.so no_warn try_first_pass

east# more /usr/local/etc/ldap.conf
rootbinddb cn=Manager,dc=all,dc=net
uri ldaps://69.17.104.19:636/
binddn cn=Manager,dc=all,dc=net
ssl yes
bindpw ________
port 636
nss_base_passwd ou=People,dc=all,dc=net?one
nss_base_group ou=Groups,dc=all,dc=net?one
pam_password SSHA

> uname -a
FreeBSD east 5.1-RELEASE FreeBSD 5.1-RELEASE #3: Tue Nov 9 22:43:42 GMT 2004 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/ORACLE i386
(I put in the oracle required changes and some TCP/IP related stuff)
> ./slapd -VV
@(#) $OpenLDAP: slapd 2.2.18 (Nov 21 2004 02:33:07) $
[EMAIL PROTECTED]:/usr/ports/net/openldap22-sasl-server/work/openldap-2.2.18/servers/slapd
> sshd -v
sshd version OpenSSH_3.6.1p1 FreeBSD-20030423
strings on slappasswd shows the following are compiled in:
{SSHA} {CRYPT} {SHA} {MD5} {LANMAN} {SASL} {UNIX} {CLEARTEXT}
Jon Adams wrote:
I tried this one:
http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
and it emphatically does not work, and I followed it to the letter.... I think it has something to do with NSS only using SSL/port 636.
so then I tried it with that added.... still no dice
Help!