From owner-freebsd-questions@FreeBSD.ORG Sun Feb 29 19:33:53 2004
Message-ID: <20040301033353.25902.qmail@web21408.mail.yahoo.com>
Date: Mon, 1 Mar 2004 03:33:53 +0000 (GMT)
From: Subscribe From
To: freebsd-questions@freebsd.org
Subject: Re: ssh+ldap+freebsd5.2 problem

Hi All,

Below are my configuration files. Can somebody give any comment about them?
I cannot SSH using my LDAP account.
Really appreciate your help.

Ports installed:
openldap-2.1.26.tgz
pam_ldap-167.tar.gz
nss_ldap-204.tar.gz
openssh-3.6.1.tgz

PUTTY:
login as: testuser
Sent username "testuser"
testuser@10.1.3.234's password:
Access denied
testuser@10.1.3.234's password:

/etc/nsswitch.conf:
---begin---
passwd: files ldap
group: files ldap
---end---

/usr/etc/ldap.conf & /etc/ldap.conf & /usr/etc/nss_ldap.conf & /etc/nss_ldap.conf:
---begin---
host 127.0.0.1
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw ldapadmin
pam_password SHHA
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Groups,dc=domain,dc=com?one
---end---

/usr/local/etc/openldap/ldap.conf:
---begin---
BASE dc=domain,dc=com
URI ldapi://%2fvar%2frun%2fopenldap%2fldapi/
---end---

# /usr/local/etc/openldap/slapd.conf:
---begin---
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
rootpw {SSHA}JUdEYmEb9wdq9ro4gAkQ1H4vKGqBr6+7
directory /var/db/domain.com
index objectClass eq
index cn,sn,uid,memberUid,mail pres,eq
index uidNumber,gidNumber eq
index displayName pres,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
access to * by * read
---end---

/etc/pam.d/sshd:
---begin---
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass

# account
#account required pam_krb5.so
account sufficient /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_unix.so

# session
#session optional pam_ssh.so
session required pam_permit.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
---end---

regards,
onlyme

----------------------------------------------------------------------------

Hi All,

Has anybody managed to configure ssh with openldap on FreeBSD 5.2?

I managed to configure openldap on FreeBSD 5.2. Besides that, I also managed
to make it work with Samba 3.0. However, the problem is I cannot make it work
with ssh.

I have googled around and found this mini-HOWTO
http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
but also failed to make it work.

Can somebody advise me...:)

Regards,
onlyme
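
How the control flags in the /etc/pam.d/sshd auth stack posted above combine, as an added example that is not part of the original message. It is a simplified model of the required, requisite, sufficient and optional flags (not OpenPAM's own code); the function names and the per-module results are assumptions constructed for an account that exists only in LDAP.

```python
# Added example: simplified model of PAM control flags, not OpenPAM's code.
# It covers required, requisite, sufficient and optional only, and is meant
# for stacks that contain a required module, as the posted one does.

# The auth stack from /etc/pam.d/sshd in the message above.
SSHD_AUTH = """\
# auth
auth required   pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite  pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required   pam_unix.so no_warn try_first_pass
"""

def parse_stack(text, facility="auth"):
    """Return [(control_flag, module_name)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (success) or False (failure).
    Returns (granted, module at which evaluation stopped)."""
    failed = False
    last = None
    for flag, module in stack:
        last = module
        if results[module]:
            if flag == "sufficient" and not failed:
                return True, module      # chain ends here, request granted
        elif flag == "required":
            failed = True                # keep going, but deny at the end
        elif flag == "requisite":
            return False, module         # chain ends here, request denied
        # a failing sufficient or optional module is ignored
    return not failed, last

def sshd_auth_outcome(overrides=None):
    """Constructed scenario: the account exists only in LDAP, so pam_unix fails."""
    results = {"pam_nologin.so": True, "pam_opie.so": False,
               "pam_opieaccess.so": True, "pam_ldap.so": True,
               "pam_unix.so": False}
    results.update(overrides or {})
    return evaluate(parse_stack(SSHD_AUTH), results)

if __name__ == "__main__":
    for case in ({}, {"pam_ldap.so": False}, {"pam_opieaccess.so": False}):
        print(case, "->", sshd_auth_outcome(case))
```

In this model an LDAP-only account is granted only if pam_ldap.so itself succeeds and nothing before it has failed, so the module the evaluation stops at is the one to look at in the auth log.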