Re: problems with OpenLDAP (Debian and FreeBSD)
- To: openldap-software@OpenLDAP.org
- Subject: Re: problems with OpenLDAP (Debian and FreeBSD)
- From: Dustin Doris <openldap@mail.doris.cc>
- Date: Fri, 1 Aug 2003 09:08:55 -0400 (EDT)
- In-reply-to: <20030731212855.GA30994@server.idefix.loc>
- References: <20030731212855.GA30994@server.idefix.loc>
On Thu, 31 Jul 2003, Matthias Fechner wrote:
> Hi,
>
> I have here a FreeBSD-Server(5.1) with OpenLDAP 2.2.0.a_2 running.
> What I want to do, is manage my user accounts with ldap.
> For this I have created a directory with ldap and created a user:
> ---
> dn: uid=test, ou=people,dc=fechner, dc=net
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> uid: test
> cn: Lester the Nightfly
> userPassword: {crypt}test
> gecos: Test
> loginShell: /bin/csh
> uidNumber: 10000
> gidNumber: 10000
> homeDirectory: /home/idefix
> ---
>
> The password is test and I am using as hash algo crypt.
> This seems to work fine, I can login with Debian.
> But I cannot login from FreeBSD. Though I tried to change it to md5.
>
> I changed the password to md5 and if I try to login it will not work.
> From debian->freebsd I get the following logfile:
> ---
> conn=38 fd=22 ACCEPT from IP=192.168.0.151:33436 (IP=0.0.0.0:389)
> conn=38 op=0 BIND dn="" method=128
> conn=38 op=0 RESULT tag=97 err=0 text=
> conn=38 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2
> filter="(&(objectClass=posixAccount)(uid=test))"
> conn=38 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> conn=38 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=38 op=2 SRCH base="ou=People,dc=fechner,dc=net" scope=2
> filter="(&(objectClass=posixAccount)(uid=test))"
> conn=38 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> conn=38 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=38 op=3 SRCH base="dc=fechner,dc=net" scope=2
> filter="(&(objectClass=shadowAccount)(uid=test))"
> conn=38 op=3 SRCH attr=uid userPassword shadowLastChange shadowMax
> shadowMin shadowWarning shadowInactive shadowExpire
> conn=38 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=38 fd=22 closed
> ---
>
> If I tried it from freebsd->freebsd I get the following logfile:
> ---
> conn=40 fd=23 ACCEPT from IP=192.168.0.251:52590 (IP=0.0.0.0:389)
> conn=40 op=0 BIND dn="" method=128
> conn=40 op=0 RESULT tag=97 err=0 text=
> conn=40 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2
> filter="(&(objectClass=posixAccount)(uid=test))"
> conn=40 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net" method=128
> conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net"
> mech=simple ssf=0
> conn=40 op=2 RESULT tag=97 err=0 text=
> conn=40 op=3 BIND anonymous mech=implicit ssf=0
> conn=40 op=3 BIND dn="" method=128
> conn=40 op=3 RESULT tag=97 err=0 text=
> conn=40 fd=23 closed
> ---
>
> To use ldap under FreeBSD I have installed the pam_ldap-1.6.4 and
> pam_ldap-1.6.4.
You mean nss_ldap on the second one, correct?
> Then I have added under /etc/pam.d some files like login, su, sshd
> in the following line as first entry:
> auth sufficient /usr/local/lib/pam_ldap.so
>
> Then I have configured the file ldap.conf:
> host 192.168.0.251
> base dc=fechner,dc=net
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> nss_base_passwd ou=People,dc=fechner,dc=net
> nss_base_shadow ou=People,dc=fechner,dc=net
>
> But all which I have tried will not work.
> What is wrong in my configuration?
>
> Thanks for an answer.
>
> --
> Best regards
> Matthias
>
I just got pam_ldap and nss_ldap working on a freebsd 5.1 machine, so I
will take a look at my debug output and config and compare it to yours and
see if I can help. It will have to be this weekend, though.
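
An added example, not part of the original thread: a small Python audit of the slapd trace lines quoted above. It reports, per connection, searches that request userPassword while bound anonymously, simple binds logged with ssf=0, and user binds that returned err=0. The function name `audit` and the finding labels are made up for this example; the sample lines are copied from the quoted logs with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Lines copied from the two slapd traces quoted in the thread, wrapped lines rejoined.
SAMPLE = '''\
conn=38 op=0 BIND dn="" method=128
conn=38 op=0 RESULT tag=97 err=0 text=
conn=38 op=1 SRCH base="ou=People,dc=fechner,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uid=test))"
conn=38 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
conn=38 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=40 op=0 BIND dn="" method=128
conn=40 op=0 RESULT tag=97 err=0 text=
conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net" method=128
conn=40 op=2 BIND dn="uid=test,ou=people,dc=fechner,dc=net" mech=simple ssf=0
conn=40 op=2 RESULT tag=97 err=0 text=
'''

LINE = re.compile(r"conn=(\d+) op=(\d+) (.*)")

def audit(log):
    """Return (kind, conn, dn) findings from slapd connection/operation log lines."""
    bound = defaultdict(str)   # conn -> DN currently bound; "" means anonymous
    pending = {}               # (conn, op) -> DN of a BIND still awaiting its RESULT
    findings = []
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        conn, op, rest = int(m[1]), int(m[2]), m[3]
        dn = re.search(r'dn="([^"]*)"', rest)
        if rest.startswith("BIND") and dn:
            pending[(conn, op)] = dn[1]
            # ssf=0: no TLS or SASL security layer protected this simple bind
            if dn[1] and "mech=simple" in rest.lower() and re.search(r"ssf=0\b", rest):
                findings.append(("cleartext_simple_bind", conn, dn[1]))
        elif rest.startswith("RESULT tag=97") and (conn, op) in pending:
            who = pending.pop((conn, op))
            if re.search(r"err=0\b", rest):   # bind response with result code 0 (success)
                bound[conn] = who
                if who:
                    findings.append(("user_bind_ok", conn, who))
        elif rest.startswith("SRCH attr="):
            attrs = rest[len("SRCH attr="):].lower().split()
            # The log shows only that the attribute was requested, not that ACLs returned it.
            if "userpassword" in attrs and not bound[conn]:
                findings.append(("anon_userPassword_request", conn, ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```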