From: Emiel van de Laar
To: Panos
Cc: freebsd-questions@FreeBSD.org
Subject: Re: PAM-SSH-LDAP problem
Date: Sat, 18 Apr 2009 00:15:13 +0200

On Apr 17, 2009, at 11:04 PM, Panos wrote:

> Hello, I'm trying to set up an ldap for authenticating users.
> I think that the ldap server is ok
> but ssh gives me an error PAM authentication error illegal user XXX
> from XXX.XXX.XXX.XXX
> I think that something is wrong when pam-ldap is querying the ldap.
> First I thought that was an acl problem so I tried something like this
> access * by * write
> full access to all but nothing.
> When I'm using phpLDAPadmin to connect to ldap I have no problem,

[snip]

> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:51667 (IP=0.0.0.0:389)
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn="cn=manager,dc=something,dc=something,dc=something" method=128
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn="cn=manager,dc=something,dc=something,dc=something" mech=SIMPLE ssf=0
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text=
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base="ou=users,dc=something,dc=something,dc=something" scope=2 deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
> Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost)

I suggest you have a look at the LDAP filter. The log above shows:

(&(?objectClass=possixAccount)(uid=ldap_test))

While I expect something like:

(&(objectClass=possixAccount)(uid=ldap_test))

i.e. remove the '?'.

Regards,

- Emiel
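
The check made in the reply above (spotting a '?' inside the logged search filter) can be run over a whole slapd log. This is an added example, not part of the original message: it pairs each SRCH line with its SEARCH RESULT by conn/op and reports searches whose filter has a '?'-prefixed component. The function name and the last two sample log lines are constructed for illustration.

```python
import re

# Constructed sample in the shape of the slapd lines quoted in the thread;
# the conn=1 lines are made up to show a search that is not reported.
SAMPLE_LOG = """\
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn="cn=manager,dc=something,dc=something,dc=something" method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base="ou=users,dc=something,dc=something,dc=something" scope=2 deref=0 filter="(&(?objectClass=possixAccount)(uid=ldap_test))"
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Apr 18 00:01:09 FreeBSD slapd[1336]: conn=1 op=1 SRCH base="ou=users,dc=something,dc=something,dc=something" scope=2 deref=0 filter="(uid=ldap_test)"
Apr 18 00:01:09 FreeBSD slapd[1336]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH .*?filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*?nentries=(\d+) text=(.*)$')
# A filter component written as (?attr=value) in the log.
FLAGGED = re.compile(r'\(\?([^=()]+)=([^()]*)\)')


def flagged_searches(log_text):
    """Return searches whose logged filter has a '?'-prefixed component."""
    pending = {}   # (conn, op) -> filter string from the SRCH line
    findings = []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT.search(line)
        if not m:
            continue
        flt = pending.pop((m.group(1), m.group(2)), None)
        if flt is None:
            continue          # result without a matching SRCH line
        marked = FLAGGED.findall(flt)
        if marked:
            findings.append({
                "conn": int(m.group(1)), "op": int(m.group(2)),
                "filter": flt, "flagged": marked,
                "nentries": int(m.group(3)), "text": m.group(4).strip(),
            })
    return findings


if __name__ == "__main__":
    for f in flagged_searches(SAMPLE_LOG):
        print(f["conn"], f["op"], f["flagged"], f["nentries"], f["text"])
```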