Date: Fri, 1 Oct 2004 15:02:26 +0100
From: Dick Davies <rasputnik@hellooperator.net>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Pam_ldap
Message-ID: <20041001140225.GE29161@lb.tenfour>

Right, basically this is doing what I thought - just checking passwords in AD
without looking up user info, so the accounts need to exist on the BSD server
(that may become a real pain in the arse, by the way).

Couple of quick checks:

1) the ldap.conf referred to should be /usr/local/etc/ldap.conf
   *NOT* /etc/openldap/ldap.conf

2) can you log onto the console as these users? If you're sshing you
   may need to edit /etc/pam.d/sshd, and not login.

3) what's in your logs? If you have the 'debug' flag on, something will be
   getting written to - check /var/log/secure and /var/log/messages

* Bret Walker <bret-walker@northwestern.edu> [1043 13:43]:
> It is here: http://www.netsys.com/pamldap/2002/04/msg00074.html
>
> Thanks,
> Bret
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Dick Davies
> Sent: Friday, October 01, 2004 4:31 AM
> To: Bret Walker
> Cc: FreeBSD Questions
> Subject: Re: Pam_ldap
>
>
> * Bret Walker <bret-walker@northwestern.edu> [1028 00:28]:
> > I've been trying all day to get pam_ldap to authenticate an ssh
> > session against Active Directory. I thought that I had found the
> > perfect HOWTO
> > (read: one that didn't require nss_ldap), but its instructions didn't
> > seem to get it working on my system.
> >
> > I've read that you can authenticate to AD with pam_ldap alone, and I've
> > read that you can't, as well. Does anyone have any experience doing
> > this w/o nss_ldap? I'm running 4.10, and I don't think it has support
> > for nss_ldap.
> >
> > If anyone has any advice, I'd love to hear it.
>
> You're not going to need nss_ldap if you just want to validate a password.
> But it sounds a bit odd to have existing users in /etc/passwd and only
> have the password itself from AD - and if the users don't exist in
> /etc/passwd the system won't be able to log them in.
>
> What was the howto you used?

-- 
Yeah, life is hilariously cruel.
    - Bender
Rasputin :: Jack of All Trades - Master of Nuns
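
An added example, not part of the original message: a small preflight script for checks 1 and 2 above plus the local-account requirement, using the file paths named in the message. The function names, the optional ROOT argument, and the sample PAM lines and users are assumptions constructed for illustration; it assumes service files use the usual `auth <control> <module>` line format.

```shell
#!/bin/sh
# Added example: preflight for pam_ldap-only authentication.
# ROOT lets the checks run against a copy of the filesystem (assumption).

# 0 if FILE has an uncommented "auth" line that loads pam_ldap
pam_service_uses_ldap() {
    [ -r "$1" ] || return 2
    awk '$1 == "auth" && /pam_ldap/ { hit = 1 } END { exit (hit ? 0 : 1) }' "$1"
}

# 0 if USER has an entry in the passwd-format FILE
local_account_exists() {
    awk -F: -v u="$1" '$1 == u { hit = 1 } END { exit (hit ? 0 : 1) }' "$2"
}

# preflight USER SERVICE [ROOT]: prints findings, returns the number of failures
preflight() {
    root=${3:-}; fails=0
    if [ ! -f "$root/usr/local/etc/ldap.conf" ]; then
        echo "FAIL: $root/usr/local/etc/ldap.conf not found"; fails=$((fails + 1))
        if [ -f "$root/etc/openldap/ldap.conf" ]; then
            echo "      /etc/openldap/ldap.conf exists, but it is not the file to edit"
        fi
    fi
    if ! pam_service_uses_ldap "$root/etc/pam.d/$2"; then
        echo "FAIL: no active pam_ldap auth line in $root/etc/pam.d/$2"; fails=$((fails + 1))
    fi
    if ! local_account_exists "$1" "$root/etc/passwd"; then
        echo "FAIL: $1 has no local passwd entry; pam_ldap alone only checks the password"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $1 via $2"
    return "$fails"
}

# Constructed sample tree: sshd loads pam_ldap, login has it commented out,
# and ldap.conf exists only under /etc/openldap.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/pam.d" "$r/etc/openldap" "$r/usr/local/etc"
    printf 'auth sufficient pam_ldap.so\nauth required pam_unix.so\n' > "$r/etc/pam.d/sshd"
    printf '#auth sufficient pam_ldap.so\nauth required pam_unix.so\n' > "$r/etc/pam.d/login"
    printf 'root:*:0:0::/root:/bin/sh\nbret:*:1001:1001::/home/bret:/bin/sh\n' > "$r/etc/passwd"
    : > "$r/etc/openldap/ldap.conf"
    echo "$r"
}
# Usage on a live host:   preflight <user> sshd
# Usage on the sample:    r=$(make_sample_root); preflight bret sshd "$r"
```

A clean preflight only shows the configuration is in place; the logs named in check 3 are still where an actual bind failure against AD would show up.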