From owner-freebsd-questions@FreeBSD.ORG Wed Aug 1 20:14:50 2007
Message-ID: <46B0E9B1.2030101@enabled.com>
Date: Wed, 01 Aug 2007 13:14:41 -0700
From: Noah
To: User Questions
Subject: pam_ldap receives Invalid credentials

Hi,

I am not sure why this happens, but our terminal servers, routers, and ancillary devices are able to authenticate with our LDAP server. For some reason pam_ldap claims "Invalid credentials" with the same exact user and password. What could be wrong?

I can't seem to figure out what is wrong with the current log messages. Is there a way to receive verbose messages from pam and/or pam_ldap to figure out if it is sending the proper authentication information to the LDAP server?

We are on a FreeBSD-6.2 stable machine.

Clues please,

Noah

Aug 1 11:24:11 access1 sshd[6277]: pam_ldap: error trying to bind as user "cn=Test User,cn=people,dc=bogus,dc=domain,dc=net" (Invalid credentials)
Aug 1 11:24:11 access1 sshd[6277]: Failed password for invalid user tuser from 172.24.241.234 port 49317 ssh2
Aug 1 11:24:14 access1 sshd[6277]: pam_ldap: error trying to bind as user "cn=Test User,cn=people,dc=bogus,dc=domain,dc=net" (Invalid credentials)
Aug 1 11:24:14 access1 sshd[6277]: Failed password for invalid user tuser from 172.24.241.234 port 49317 ssh2
Aug 1 11:24:14 access1 sshd[6277]: Connection closed by 172.24.241.234

access1# pkg_info | grep pam
checkpassword-pam-0.99        Implementation of checkpassword authentication program
nagios-spamd-plugin-1.4       Nagios plugin for checking SpamAssassins spamd
p5-Mail-SpamAssassin-3.1.8_1  A highly efficient mail filter for identifying spam
pam_ldap-1.8.2                A pam module for authenticating with LDAP
pam_mkhomedir-0.1             Create HOME with a PAM module on demand
pamtester-0.1.2               A command line pam authentication tester
razor-agents-2.84             A distributed, collaborative, spam detection and filtering

access1# pkg_info | grep ldap
ldapsh-2.00_2,1               Interactive shell used to administer ldap directories
nss_ldap-1.255                RFC 2307 NSS module
openldap-client-2.3.37        Open source LDAP client implementation
openldap-server-2.3.37        Open source LDAP server implementation
p5-perl-ldap-0.34             A Client interface to LDAP servers
pam_ldap-1.8.2                A pam module for authenticating with LDAP
php5-ldap-5.2.3_1             The ldap shared extension for php
access1#