From owner-freebsd-questions@FreeBSD.ORG Fri Apr 17 21:06:31 2009
From: Panos
To: freebsd-questions@FreeBSD.org
Subject: PAM-SSH-LDAP problem
Date: Sat, 18 Apr 2009 00:04:57 +0300
Message-ID: <49E8EEF9.5090801@gmail.com>

Hello,

I'm trying to set up an LDAP server for authenticating users. I think that the LDAP server is OK but ssh gives me an error:

PAM authentication error illegal user XXX from XXX.XXX.XXX.XXX

I think that something is wrong when pam-ldap is querying the LDAP server. First I thought that it was an ACL problem so I tried something like this:

access * by * write

(full access to all) but nothing.
When I'm using phpLDAPadmin to connect to LDAP I have no problem. My ldap.conf:

base dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
binddn cn=manager,dc=something,dc=something,dc=something
bindpw password(uncrypted)
scope sub
pam_filter objectclass=possixAccount
pam_login_attribute uid
pam_check_host_attr yes
pam_check_service_attr no
nss_base_passwd ou=users,dc=something,dc=something,dc=something?sub
nss_base_shadow ou=users,dc=something,dc=something,dc=something?sub
nss_base_group ou=groups,dc=something,dc=something,dc=something?sub

I have tried this too but still nothing:

base dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
binddn cn=manager,dc=something,dc=something,dc=something
bindpw password(uncrypted)
scope sub
pam_filter objectclass=possixAccount
pam_login_attribute uid
nss_base_passwd ou=users,dc=something,dc=something,dc=something?sub
nss_base_shadow ou=users,dc=something,dc=something,dc=something?sub
nss_base_group ou=groups,dc=something,dc=something,dc=something?sub

My nss_ldap.conf:

base ou=users,dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3

My slapd.conf:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/sendmail.schema
include /usr/local/etc/openldap/schema/pureftpd.schema
include /usr/local/etc/openldap/schema/radius.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel -256
sizelimit 1000
lastmod on
modulepath /usr/local/libexec/openldap
moduleload back_bdb

access to *
    by self write
    by dn="cn=Manager,dc=something,dc=something,dc=something" write
    by users read
    by anonymous auth

access to attr=userPassword
    by dn="cn=Manager,dc=something,dc=something,dc=something" write
    by anonymous auth
    by self write
    by * none

database bdb
suffix "dc=something,dc=something,dc=something"
rootdn "cn=Manager,dc=something,dc=something,dc=something"
rootpw {CRYPT}PASSWORD
directory /var/db/openldap-data
TLSVerifyClient demand
TLSCertificateFile /etc/certs/cert.crt
TLSCertificateKeyFile /etc/certs/cert.key
TLSCACertificateFile /etc/certs/cert.crt
TLSCipherSuite HIGH:MEDIUM:+SSLv2
index objectClass eq
index uid eq,pres
index cn eq,pres
index mail eq,pres
index ou eq,pres,sub
index uidnumber eq,pres
index gidnumber eq,pres

My pam.d/ssh:

auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn try_first_pass

# account
account required pam_nologin.so no_warn
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user

# session
session required pam_permit.so

# password
password required pam_unix.so no_warn try_first_pass

And my ldap.log output:

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:51667 (IP=0.0.0.0:389)
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn="cn=manager,dc=something,dc=something,dc=something" method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn="cn=manager,dc=something,dc=something,dc=something" mech=SIMPLE ssf=0
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text=
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base="ou=users,dc=something,dc=something,dc=something" scope=2 deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost)

If you could help me I would be grateful.
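As an added diagnostic, not part of the post above nor of any FreeBSD, pam_ldap or OpenLDAP tool, the Python script below reads slapd log lines of the kind quoted in the post, pairs each SRCH with its SEARCH RESULT and reports filter components that slapd marked undefined with a leading "?" (here the misspelled objectClass value that produces "value does not conform to assertion syntax" and nentries=0); it also lists simple binds logged with ssf=0, i.e. the bind DN and bindpw crossing the wire without TLS or SASL protection, as happens with a plain ldap:// uri. The sample log lines and DNs are constructed for the example.

```python
import re

# Constructed sample slapd log, modelled on the lines quoted in the post above
# (conn/op numbers and DNs are made up; "possixAccount" reproduces the typo).
SAMPLE_LOG = """\
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn="cn=manager,dc=example,dc=org" mech=SIMPLE ssf=0
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base="ou=users,dc=example,dc=org" scope=2 deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Apr 18 00:01:06 FreeBSD slapd[1336]: conn=1 op=0 BIND dn="cn=manager,dc=example,dc=org" mech=SIMPLE ssf=256
Apr 18 00:01:06 FreeBSD slapd[1336]: conn=1 op=1 SRCH base="ou=users,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=ldap_test))"
Apr 18 00:01:06 FreeBSD slapd[1336]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH .*filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+) text=(.*)$')
# slapd prefixes a filter component it could not evaluate with '?'
UNDEF_RE = re.compile(r'\(\?([A-Za-z][\w;-]*)=([^)]*)\)')
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" mech=(\w+) ssf=(\d+)')


def find_undefined_filters(log_text):
    """Pair each SRCH with its SEARCH RESULT (same conn and op) and return
    (conn, op, attr, value, result text) for every filter component slapd
    marked undefined; an unknown objectClass value shows up exactly this way."""
    filters = {}
    findings = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            filters[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, _nentries, text = m.groups()
            for u in UNDEF_RE.finditer(filters.get((conn, op), "")):
                findings.append((int(conn), int(op), u.group(1), u.group(2), text.strip()))
    return findings


def find_unprotected_simple_binds(log_text):
    """Return (conn, dn) for simple binds with ssf=0: the DN and its password
    were sent with no TLS or SASL protection (what a plain ldap:// uri gives)."""
    return [(int(m.group(1)), m.group(3))
            for m in map(BIND_RE.search, log_text.splitlines())
            if m and m.group(4) == "SIMPLE" and m.group(5) == "0"]


if __name__ == "__main__":
    print(find_undefined_filters(SAMPLE_LOG))
    print(find_unprotected_simple_binds(SAMPLE_LOG))
```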