Date: Sat, 19 Jul 2008 01:29:33 +0200
From: "Per olof Ljungmark" <peo@intersonic.se>
To: freebsd-questions@freebsd.org
Subject: Re: "Invalid credentials" errors using pam_ldap on FreeBSD
Message-ID: <20080719012933.75990wmh8c31w3m8@webmail.inter-sonic.com>
In-Reply-To: <4880EA7A.90801@rowyerboat.com>
References: <4880EA7A.90801@rowyerboat.com>

Quoting "Stephen Allen" <sdafreebsduk@rowyerboat.com>:

> Hello,
>
> I'm pretty sure I've done all the necessary steps to be able to ssh
> to my FreeBSD box using pam_ldap, but I'm getting "Invalid
> credentials" errors whenever I try (I can successfully perform an
> ldapsearch operation though).
>
> Here are snippets from my config:
>
> [/etc/nsswitch.conf]
> passwd: files ldap
>
> [/etc/pam.d/sshd]
> auth sufficient /usr/local/lib/pam_ldap.so
> auth required pam_unix.so
>
> [/usr/local/etc/ldap.conf]
> base o=brookes
> uri ldap://ldap.brookes.ac.uk:389/
> scope one
>
> And here is the error:
>
> Jul 18 19:19:41 vh1a9f58 sshd[19601]: pam_ldap: error trying to bind as user "uid=p0036343,o=Brookes" (Invalid credentials)
>
> Incidentally, the following ldapsearch query _IS_ successful, and
> returns me some details about user 'jsmith'
>
> ldapsearch -H ldap://ldap.brookes.ac.uk -b 'o=brookes' -x -W -D 'uid=me,o=Brookes' uid=jsmith

Try to increase the log level in nss_ldap.conf, debug = <level>, and
check /var/log/debug.log. man nss_ldap(5).

--per