Date:      Mon, 1 Mar 2004 03:33:53 +0000 (GMT)
From:      "Subscribe From" <subscribe_from@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: ssh+ldap+freebsd5.2 problem
Message-ID:  <20040301033353.25902.qmail@web21408.mail.yahoo.com>

Hi All,

Below are my configuration files. Can somebody give any
comment about them? I cannot SSH using my LDAP account.
Really appreciate your help..

Ports installed:
openldap-2.1.26.tgz
pam_ldap-167.tar.gz
nss_ldap-204.tar.gz
openssh-3.6.1.tgz

PUTTY:
login as: testuser
Sent username "testuser"
testuser@10.1.3.234's password:
Access denied
testuser@10.1.3.234's password:


/etc/nsswitch.conf:
---begin---
passwd: files ldap
group: files ldap
---end---

/usr/etc/ldap.conf & /etc/ldap.conf & /usr/etc/nss_ldap.conf & /etc/nss_ldap.conf:
---begin---
host 127.0.0.1  
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw ldapadmin
pam_password SHHA 
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Groups,dc=domain,dc=com?one
---end---

/usr/local/etc/openldap/ldap.conf:
---begin---
BASE dc=domain,dc=com 
URI ldapi://%2fvar%2frun%2fopenldap%2fldapi/
---end---

/usr/local/etc/openldap/slapd.conf:
---begin---
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
rootpw {SSHA}JUdEYmEb9wdq9ro4gAkQ1H4vKGqBr6+7
directory /var/db/domain.com
index	objectClass eq
index	cn,sn,uid,memberUid,mail	pres,eq
index	uidNumber,gidNumber	eq
index	displayName	pres,eq
index	sambaSID,sambaPrimaryGroupSID,sambaDomainName	eq
access to *
        by * read
---end---

/etc/pam.d/sshd:
---begin---
# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
#account        required        pam_krb5.so
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass
---end---

regards,
onlyme

----------------------------------------------------------------------------

Hi All,

Has anybody managed to configure ssh with openldap on
FreeBSD 5.2?

I managed to configure openldap on FreeBSD 5.2. Besides
that, I also managed to make it work with Samba 3.0.
However, the problem is I cannot make it work with
ssh.

I have googled around and found this minihowto
http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
but also failed to make it work.

Can somebody advise me...:)

Regards,
onlyme
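As an added example (not from the thread), the PAM control-flag walk that decides the outcome of the posted /etc/pam.d/sshd auth stack; the module verdicts are constructed booleans, since the real modules would need the LDAP server and the password database:

```python
# Constructed copy of the posted /etc/pam.d/sshd auth section, with the
# mail-wrapped option lines joined back onto their module lines.
PAM_SSHD_AUTH = """\
auth  required    pam_nologin.so              no_warn
auth  sufficient  pam_opie.so                 no_warn no_fake_prompts
auth  requisite   pam_opieaccess.so           no_warn allow_local
auth  sufficient  /usr/local/lib/pam_ldap.so  no_warn try_first_pass
auth  required    pam_unix.so                 no_warn try_first_pass
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module basename, options)] for one facility."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments/blanks
        if len(fields) >= 3 and fields[0] == facility:
            module = fields[2].rsplit("/", 1)[-1]   # strip /usr/local/lib/
            stack.append((fields[1].lower(), module, fields[3:]))
    return stack

def evaluate(stack, results):
    """Walk the stack; results maps module name -> True (pass) / False (fail)."""
    required_failed = required_passed = False
    for control, module, _opts in stack:
        ok = results.get(module, False)
        if control == "requisite" and not ok:
            return "denied"                 # requisite failure ends the stack
        if control == "required":
            required_failed |= not ok       # remembered, but keep walking
            required_passed |= ok
        elif control == "sufficient" and ok and not required_failed:
            return "granted"                # short-circuit success
        # optional: never decides the outcome (simplified model)
    return "granted" if required_passed and not required_failed else "denied"

def scenarios():
    """Outcomes for the posted stack under constructed module results."""
    stack = parse_stack(PAM_SSHD_AUTH)
    base = {"pam_nologin.so": True, "pam_opie.so": False,
            "pam_opieaccess.so": True, "pam_unix.so": False}
    return {
        # LDAP-only account: pam_unix has no local entry, so only pam_ldap can grant
        "ldap_user_ldap_ok": evaluate(stack, {**base, "pam_ldap.so": True}),
        "ldap_user_ldap_fails": evaluate(stack, {**base, "pam_ldap.so": False}),
        # local account: pam_unix carries it even though pam_ldap fails
        "local_user": evaluate(stack, {**base, "pam_ldap.so": False, "pam_unix.so": True}),
        # /var/run/nologin present: the required pam_nologin failure cannot be overridden
        "nologin": evaluate(stack, {**base, "pam_nologin.so": False, "pam_ldap.so": True}),
    }
```

With pam_ldap placed as sufficient above a required pam_unix, an account that exists only in LDAP is denied whenever pam_ldap itself does not succeed, so the stack order alone does not explain the denial; the pam_ldap result (and the nss_ldap lookup of the account) is where to look.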
