From: Pavel Duda
To: freebsd-questions@freebsd.org
Date: Sun, 12 Feb 2006 15:44:54 +0100
Subject: Re: LDAP authentication problems

Robert Slade wrote:
> On Sun, 2006-02-12 at 13:37, Pavel Duda wrote:
>
>>Hi,
>>I have problems getting LDAP authentication working (pam_ldap) and after
>>two days of struggle I'm almost giving up...
>>
>>I've tried a few howtos like the one from samba.idealx.org but without
>>success. First I wanted to run Samba PDC on FreeBSD, but I got stuck with
>>pam_ldap authentication.
>>
>>Now I can:
>>- browse the LDAP database with ldapsearch or from another machine with an LDAP
>>browser
>>- I'm able to use ldapsearch with a user account created in this database, i.e.:
>>'ldapsearch -D "uid=testuser,ou=Users,dc=OHRADNI,dc=NET" -W'
>>'Enter LDAP Password: mypassword'
>>'[will list all entries]'
>>
>>But when I try to use it for authentication it just doesn't work. For
>>example I can't log in with 'ssh testuser@localhost'.
>>
>>Because I have "loglevel -1" I can see a lot of data in /var/log/debug.log,
>>but I'm not sure what exactly I should look for in this debug output,
>>thus I don't know if the problem is on the LDAP side or something else in my setup.
>>
>>(I've attached a gzipped part of debug.log)
>>
>>Can somebody help?
>>Does someone have a working setup of LDAP authentication on FreeBSD 6.0
>>and would be so kind as to send me some quick howto or give some advice?
>>
>
> I used the example on the Samba site, which is also available in the docs
> after Samba is installed.
>
> The only issues were that it is written for Linux and hence has
> different file locations and one of the Linux commands does not exist in
> FreeBSD. It is not a direct problem as it is only used for testing.
>
> Rob

So you make it work on your system? I'm aware that the guide on the Samba site is for Linux and some of the conf files are in different locations (like ldap.conf).
I have of course tried two howtos specific to FreeBSD too (like http://books.blurgle.ca/ or http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html). Still, I'm not able to determine where my main problem is, whether it is LDAP related or some bad configuration in another part of the whole authentication process (or maybe both).

Now I have tried to do 'id testuser' and it is not able to recognize the user and there is no additional output in debug.log, so the system doesn't even contact LDAP. So this could be the problem. I must have something wrong probably in pam.d or nsswitch, but I don't know what :-(.