From: Frank Bonnet
Date: Thu, 27 Mar 2008 11:17:26 +0100
To: Paul Schmehl
Cc: bseklecki@collaborativefusion.com, freebsd-questions@freebsd.org
Subject: Re: Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0 ?
Message-ID: <47EB7436.3010901@esiee.fr>
In-Reply-To: <415463677EAE17931859BFF9@[10.110.3.94]>

Paul Schmehl wrote:
> Please don't top post. It disrupts the flow of the conversation. (See
> below for my response.)
>
> --On Wednesday, March 26, 2008 4:01 PM +0100 Frank Bonnet wrote:
>
>> Hello
>>
>> After having spent several hours on it I can't have a working
>> ssh access that uses PAM_LDAP on a freebsd 6/7 machine!
>>
>> I have no problem on a Linux Debian etch box ...
>>
>> Where are we going if Linux works better than BSD? :-)
>>
>
> Setting up pam ldap ssh access on a FreeBSD box takes less than five
> minutes *after* installing the correct ports.
>
> 1) net/openldap-client
> 2) security/pam_ldap
>
> Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
> host {your ldap server(s) either hostname(s) or ip(s) in a space-separated list}
> dc (your dn)
>
> Then configure /etc/pam.d/sshd thus:
> auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
>
> That's all that is needed.
>

That's what I did. I have used nss_ldap and pam_ldap for a long time now
on many platforms, and that is what does not work.

> If it doesn't work, fire up wireshark (port) or tcpdump (base) and see
> what the problem is.

At the very last extremity, why not?
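
Added example (not part of this message or of the thread): a small checker for the `auth` chain of a pam.d file built around the `pam_ldap.so` line quoted above, since PAM evaluates entries in order and a failed `required` or `requisite` module ahead of a `sufficient` one still denies the login. The function names and both sample stacks are constructed for illustration; it assumes the plain `facility control module args` syntax and that LDAP-only users fail `pam_unix`.

```python
# Constructed sample stacks; only the pam_ldap line comes from the thread.
GOOD = r"""# /etc/pam.d/sshd (constructed sample)
auth     sufficient  /usr/local/lib/pam_ldap.so  no_warn \
                     try_first_pass
auth     required    pam_unix.so                 no_warn try_first_pass
account  required    pam_unix.so
"""
BAD = r"""# pam_unix is consulted first and is 'required'
auth     required    pam_unix.so                 no_warn try_first_pass
auth     sufficient  /usr/local/lib/pam_ldap.so  no_warn try_first_pass
"""


def parse_pam(text):
    """Return (facility, control, module, args) tuples from pam.d-style text."""
    entries = []
    # A trailing backslash continues the entry on the next line.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank, comment-only or malformed line
        facility, control, module, *args = fields
        entries.append((facility.lower(), control.lower(), module, args))
    return entries


def module_name(path):
    """'/usr/local/lib/pam_ldap.so' -> 'pam_ldap'."""
    return path.rsplit("/", 1)[-1].split(".so")[0]


def check_ldap_auth(text):
    """List ordering problems that keep pam_ldap from deciding the auth result."""
    auth = [e for e in parse_pam(text) if e[0] == "auth"]
    names = [module_name(e[2]) for e in auth]
    if "pam_ldap" not in names:
        return ["no pam_ldap entry in the auth chain"]
    idx = names.index("pam_ldap")
    findings = []
    if auth[idx][1] != "sufficient":
        findings.append("pam_ldap is '%s', not 'sufficient'" % auth[idx][1])
    # A failed required/requisite pam_unix earlier in the chain denies the
    # login even when pam_ldap later succeeds.
    for entry, name in zip(auth[:idx], names[:idx]):
        if name == "pam_unix" and entry[1] in ("required", "requisite"):
            findings.append("pam_unix (%s) precedes pam_ldap" % entry[1])
    return findings


if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_ldap_auth(text) or "ok")
```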