From: Paul Schmehl <pauls@utdallas.edu>
To: Frank Bonnet
Cc: bseklecki@collaborativefusion.com, freebsd-questions@freebsd.org
Date: Thu, 27 Mar 2008 09:51:27 -0500
Subject: Re: Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0 ?
Message-ID: <167009639942035F5144CD13@utd65257.utdallas.edu>
In-Reply-To: <47EB7436.3010901@esiee.fr>
References: <47E90D72.3060909@esiee.fr> <1206456103.18298.88.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <47E91ACF.1040804@esiee.fr> <1206459218.18298.100.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <47EA6563.3030109@esiee.fr> <415463677EAE17931859BFF9@[10.110.3.94]> <47EB7436.3010901@esiee.fr>
--On Thursday, March 27, 2008 11:17:26 +0100 Frank Bonnet wrote:

>> Setting up pam ldap ssh access on a FreeBSD box takes less than five
>> minutes *after* installing the correct ports.
>>
>> 1) net/openldap-client
>> 2) security/pam_ldap
>>
>> Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
>> host {your ldap server(s) either hostname(s) or ip(s) in a
>> space-separated list
>> dc (your dn)
>>
>> Then configure /etc/pam.d/sshd thus:
>> auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
>>
>> That's all that is needed.
>
> That's what I did; I have used nss_ldap and pam_ldap for a long time now
> on many platforms, and that is what does not work.

Time to troubleshoot.  Is the ldap server reachable?  Is your search base
correct?  Is a firewall blocking you?  Is the ldap server running on a
non-standard port?  Something is wrong, but if you configured it the same
way as I described, then the problem lies elsewhere.

>> If it doesn't work, fire up wireshark (port) or tcpdump (base) and see
>> what the problem is.
>
> At the very last extremity, why not?

I'm afraid I don't follow you here.

--
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
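The recipe quoted above (ldap.conf plus the pam.d/sshd auth line) and the troubleshooting questions in the reply, turned into a pre-flight script as an added example that is not from the thread or from the pam_ldap project. It assumes pam_ldap's ldap.conf keys host/uri, base, port and bindpw (the quoted "dc" line is the search base), a standard FreeBSD /etc/pam.d/sshd, and an OpenBSD-style nc for the port probe; the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: checks for the two files it describes, to run
# before reaching for tcpdump. Assumes pam_ldap ldap.conf keys host/uri, base, port, bindpw.

# Directive lines of a config file with comments stripped and the key lower-cased.
conf_keys() { sed -e 's/#.*//' "$1" | awk 'NF { $1 = tolower($1); print }'; }

# check_ldap_conf FILE: 0 if it names a server and a search base (and keeps any
# bind password out of group/world-readable reach).
check_ldap_conf() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "ldap.conf: cannot read $f"; return 1; }
    conf_keys "$f" | grep -Eq '^(host|uri) ' || { echo "ldap.conf: no host/uri line"; rc=1; }
    conf_keys "$f" | grep -Eq '^base ' || { echo "ldap.conf: no base (search base) line"; rc=1; }
    if conf_keys "$f" | grep -Eq '^bindpw ' && ls -ld "$f" | cut -c5-10 | grep -q '[rwx]'; then
        echo "ldap.conf: bindpw present but file is group/world accessible"; rc=1
    fi
    return $rc
}

# check_pam_sshd FILE: 0 if an auth line loads pam_ldap.so with try_first_pass
# (without it pam_ldap prompts for a password of its own).
check_pam_sshd() {
    f=$1
    [ -r "$f" ] || { echo "pam.d/sshd: cannot read $f"; return 1; }
    line=$(sed -e 's/#.*//' "$f" | awk '$1 == "auth" && $3 ~ /pam_ldap\.so$/')
    [ -n "$line" ] || { echo "pam.d/sshd: no 'auth ... pam_ldap.so' line"; return 1; }
    case $line in *try_first_pass*) return 0 ;; esac
    echo "pam.d/sshd: pam_ldap line lacks try_first_pass"; return 1
}

# check_ldap_port FILE: TCP-connect to each host on the configured port (default 389).
check_ldap_port() {
    f=$1; rc=0
    port=$(conf_keys "$f" | awk '$1 == "port" { print $2 }'); port=${port:-389}
    for h in $(conf_keys "$f" | awk '$1 == "host" { $1 = ""; print }'); do
        nc -z -w 3 "$h" "$port" 2>/dev/null && echo "$h:$port reachable" ||
            { echo "$h:$port NOT reachable (firewall, wrong port or server down?)"; rc=1; }
    done
    return $rc
}

# Constructed sample files mirroring the thread's recipe.
SAMPLE_DIR=$(mktemp -d)
printf 'host ldap1.example.org ldap2.example.org\nbase dc=example,dc=org\n' > "$SAMPLE_DIR/ldap.conf"
printf 'auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass\n' > "$SAMPLE_DIR/sshd"
printf 'auth sufficient /usr/local/lib/pam_ldap.so no_warn\n' > "$SAMPLE_DIR/sshd.bad"
check_ldap_conf "$SAMPLE_DIR/ldap.conf" && check_pam_sshd "$SAMPLE_DIR/sshd" && echo "config OK"
check_pam_sshd "$SAMPLE_DIR/sshd.bad" || echo "sshd.bad rejected as expected"
```

Run check_ldap_port against the real /usr/local/etc/ldap.conf to answer the reachability, firewall and port questions before capturing packets.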