
OpenLDAP 2.1.23 and pam



Hello,
I am halfway through migrating some of my test systems to OpenLDAP.
At first NIS should be replaced with LDAP. The initial configuration
is done and works just fine. Now I am running out of ideas. The TLS
auth is working and the given password doesn't cause any problems.

# ldapsearch -x -ZZ -D "uid=tester,ou=people,dc=test,dc=de" -W \
'(uid=tester)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=tester)
# requesting: ALL
#

# tester, people, test.de
dn: uid=tester,ou=people,dc=test,dc=de
objectClass: top
objectClass: account
objectClass: posixAccount
uid: tester
cn: Test User
gecos: Test User
uidNumber: 100
gidNumber: 100
homeDirectory: /home/tester
loginShell: /usr/local/bin/bash
userPassword:: e0NSWVBUfUkzWUJyRGdFNnRHcWs=

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

On my FreeBSD 5.2 box, nss_ldap and pam_ldap are installed, and the
nsswitch.conf is modified too. The tester (stupid name I know) is in
the database and was removed from the local system. Now I have tried
to log on...

# id
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)

# su - tester

$ id
uid=100(tester) gid=100(testing) groups=100(testing)

Well done... but logon via ssh didn't work.

# ssh tester@localhost
Password:
Mar  9 21:07:04 nibbler sshd[74146]: error: PAM: authentication error
Password:

/etc/pam.d/sshd file....

# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
#auth     required     pam_nologin.so   no_warn no_fake_prompts
#auth     sufficient   pam_opie.so      no_warn no_fake_prompts
#auth     requisite    pam_opieaccess.so       no_warn allow_local
#auth     sufficient   pam_krb5.so     no_warn try_first_pass
#auth     sufficient   pam_ssh.so      no_warn try_first_pass
auth      sufficient   /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth      required     pam_unix.so     no_warn try_first_pass


Could anyone point me in the right direction? Since I decided to
play with ldap the dark circles around my eyes are deeply black. 

Any help would be really great.

Regards
Frank