Date: Fri, 1 Oct 2004 10:31:16 +0100
From: Dick Davies
To: Bret Walker
Cc: FreeBSD Questions
Subject: Re: Pam_ldap
Message-ID: <20041001093116.GB26679@lb.tenfour>
In-Reply-To: <00bd01c4a745$348c79e0$b1336981@medill.northwestern.edu>

* Bret Walker [1028 00:28]:
> I've been trying all day to get pam_ldap to authenticate an ssh session
> against Active Directory. I thought that I had found the perfect HOWTO
> (read: one that didn't require nss_ldap), but its instructions didn't seem
> to get it working on my system.
>
> I've read that you can authenticate to AD with pam_ldap alone, and I've read
> that you can't, as well. Does anyone have any experience doing this w/o
> nss_ldap. I'm running 4.10, and I don't think it has support for
> nss_ldap.
>
> If anyone has any advice, I'd love to hear it.

You're not going to need nss_ldap if you just want to validate a password.
But it sounds a bit odd to have existing users in /etc/passwd and only have
the password itself from AD - and if the users don't exist in /etc/passwd
the system won't be able to log them in.

What was the howto you used?

-- 
I think it is true for all n. I was just playing it safe with n >= 3
because I couldn't remember the proof.
                -- Baker, Pure Math 351a
Rasputin :: Jack of All Trades - Master of Nuns