From owner-freebsd-questions@FreeBSD.ORG Thu Oct 7 16:39:27 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A07A71065670 for ; Thu, 7 Oct 2010 16:39:27 +0000 (UTC) (envelope-from kma@mrecic.gov.ar) Received: from mx1.mrecic.gov.ar (mx1.mrecic.gov.ar [200.16.99.221]) by mx1.freebsd.org (Postfix) with ESMTP id 333448FC0C for ; Thu, 7 Oct 2010 16:39:26 +0000 (UTC) Received: from mrelmx08.mrec.ar ([140.191.48.40]) by mx1.mrecic.gov.ar with ESMTP; 07 Oct 2010 13:39:24 -0300 Received: from localhost (localhost.localdomain [127.0.0.1]) by mrelmx08.mrec.ar (Postfix) with ESMTP id 8C42B6E2DC; Fri, 8 Oct 2010 14:57:58 -0300 (ART) X-Virus-Scanned: amavisd-new at mrelmx08.mrec.ar Received: from mrelmx08.mrec.ar ([127.0.0.1]) by localhost (mrelmx08.mrec.ar [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sfsPr+Dk3wPc; Fri, 8 Oct 2010 14:57:57 -0300 (ART) Received: from mrelmx06.mrec.ar (mrelmx10.mrec.ar [140.191.48.45]) by mrelmx08.mrec.ar (Postfix) with ESMTP id C2B436E2DA; Fri, 8 Oct 2010 14:57:57 -0300 (ART) Date: Thu, 7 Oct 2010 12:39:23 -0400 (EDT) From: Kevin Mai To: Jason Message-ID: <2142474853.75664.1286469563186.JavaMail.root@mrelmx10.mrec.ar> In-Reply-To: <448088379.75662.1286469527610.JavaMail.root@mrelmx10.mrec.ar> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [140.191.48.38] X-Mailer: Zimbra 6.0.6_GA_2330.DEBIAN5_64 (ZimbraWebClient - FF3.0 (Linux)/6.0.6_GA_2330.DEBIAN5_64) Cc: Dan Nelson , freebsd-questions Subject: Re: LDAP Authentication from console X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Oct 2010 16:39:27 -0000 Didn't receive all the emails, thank god this maillist is indexed! ;) login file: http://pastebin.ca/1956943 sshd file: http://pastebin.ca/1956946 system file: http://pastebin.ca/1956948 ----- Mensaje original ----- De: "Jason" Para: "Dan Nelson" CC: "Kevin Mai" , "freebsd-questions" Enviados: Mi=C3=A9rcoles, 6 de Octubre 2010 14:00:08 Asunto: Re: LDAP Authentication from console On Wed, Oct 06, 2010 at 11:59:53AM -0500, Dan Nelson thus spake: >In the last episode (Oct 06), Kevin Mai said: >> Hey guys, >> >> I've already configured PAM to authenticate against ldap and it works >> wonderful using ssh/su/sudo/etc, but when I try to log in from >> console it >> prompts: >> >> login: kma >> Password: xxxxxxxx >> LDAP Password: xxxxxxxx (same as the first one) >> Login Incorrect >> login: > >Compare /etc/pam.d/login against one of your other pam services that >works. What I do on my servers is add pam_ldap to pam.d/system, then >blow away most >of the lines in the other files and replace them with > >auth include system >account include system >session include system >password include system > >, so I know everything uses the same configuration. Back when I had used LDAP for authentication I also needed to edit /etc/nsswitch.conf Not sure if this is still the case, or if I was doing it incorrectly, however not having didn't give me the ability to login via ldap. -jgh