Date: Thu, 23 Apr 2015 17:25:50 -0400
From: Jaime Kikpole <jkikpole@cairodurham.org>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: LDAP bind to Open Directory
Message-ID: <CA%2Bsg5RROOHaVm71T3BJucK%2BKn3-WdStN0dezZzXkdeSYA5MOkw@mail.gmail.com>
I *think* I have a FreeBSD system set up as an LDAP client. I could be wrong about that, but it looks like I've got everything but password checks. I was hoping someone here could help.

I made a new VM with FreeBSD 10.1. I have pam_ldap and nss_ldap installed and (as far as I can tell) configured. I added a line to /etc/pam.d/sshd to enable LDAP accounts to login over SSH. I figured this was a place to test.

I can still SSH as a local user, but LDAP users aren't authenticating. When the LDAP user "testdoc6" tries to SSH in, /var/log/messages shows this:

    Apr 23 16:27:51 fstest1 sshd[819]: pam_ldap: error trying to bind as user "uid=testdoc6,cn=users,dc=dir,dc=cairodurham,dc=org" (Invalid credentials)
    Apr 23 16:27:51 fstest1 sshd[815]: error: PAM: authentication error for illegal user testdoc6 from 10.1.20.24

On the LDAP server, I see messages like this:

    Apr 23 2015 16:27:51 520401us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} CRAM-MD5 authentication failed, SASL error -13 (password incorrect).

By contrast, when I successfully login to an old Mac file server with testdoc6, the directory server shows this:

    Apr 23 2015 16:20:23 783104us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} DIGEST-MD5 authentication succeeded.

The directory server's messages appear in what Apple named "Password Service Server Log".

Can anyone help me figure out what I did wrong?

--
Jaime Kikpole
Network Administrator
Cairo-Durham Central School District
Technical Support: help@cairodurham.org
go.cairodurham.org/techtips

--
This electronic message and any attachment(s) may contain confidential or legally privileged information protected by law from further disclosure and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agency responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachment(s). Please notify the sender immediately by return email or telephone and permanently delete this message and attachment(s) from your system.
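The post quotes two log sources for the same failed login: the pam_ldap bind error in /var/log/messages on the FreeBSD client and the AUTH2 line in the Open Directory Password Service log. When troubleshooting this kind of problem it helps to line the two sides up by user and timestamp and to tabulate which SASL mechanism each authentication attempt used and whether it succeeded. The script below is an added example, not part of the original message or of pam_ldap; it parses the two formats quoted above (the sample lines are copied from the post, plus one constructed line for a second user), correlates client bind failures with server AUTH2 events within a 2-second window, and summarizes mechanism outcomes per user. The syslog lines carry no year, so the caller supplies one (2015 here, matching the server log); the window width and the assumption that the bind DN's uid RDN is the server-side user name are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines: the first two blocks are quoted from the post; the last
# server line is constructed to show that unrelated users are kept apart.
CLIENT_LOG = """\
Apr 23 16:27:51 fstest1 sshd[819]: pam_ldap: error trying to bind as user "uid=testdoc6,cn=users,dc=dir,dc=cairodurham,dc=org" (Invalid credentials)
Apr 23 16:27:51 fstest1 sshd[815]: error: PAM: authentication error for illegal user testdoc6 from 10.1.20.24
"""

SERVER_LOG = """\
Apr 23 2015 16:27:51 520401us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} CRAM-MD5 authentication failed, SASL error -13 (password incorrect).
Apr 23 2015 16:20:23 783104us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} DIGEST-MD5 authentication succeeded.
Apr 23 2015 16:27:52 100000us AUTH2: {0x0000000000000000000000000000dead, otheruser} CRAM-MD5 authentication succeeded.
"""

# pam_ldap bind failure as written to /var/log/messages (syslog, no year).
CLIENT_BIND_RE = re.compile(
    r'^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) '
    r'sshd\[(?P<pid>\d+)\]: pam_ldap: error trying to bind as user '
    r'"(?P<dn>[^"]+)" \((?P<reason>[^)]+)\)$')

# Open Directory Password Service "AUTH2" line (year and microseconds present).
SERVER_AUTH_RE = re.compile(
    r'^(?P<mon>\w{3}) (?P<day>\d+) (?P<year>\d{4}) (?P<time>\d\d:\d\d:\d\d) '
    r'(?P<usec>\d+)us AUTH2: \{(?P<id>0x[0-9a-f]+), (?P<user>[^}]+)\} '
    r'(?P<mech>\S+) authentication (?P<outcome>succeeded|failed)(?P<rest>.*)$')


def _uid_from_dn(dn):
    """Return the value of a leading uid= RDN, e.g. 'testdoc6'; None if absent."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    return value if key.strip().lower() == "uid" else None


def parse_client(text, year):
    """Extract pam_ldap bind failures; 'year' is assumed because syslog omits it."""
    events = []
    for line in text.splitlines():
        m = CLIENT_BIND_RE.match(line)
        if not m:
            continue  # other sshd/PAM lines are ignored here
        ts = datetime.strptime(f"{m['mon']} {m['day']} {year} {m['time']}",
                               "%b %d %Y %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "dn": m["dn"],
                       "user": _uid_from_dn(m["dn"]), "reason": m["reason"]})
    return events


def parse_server(text):
    """Extract AUTH2 events with the SASL mechanism and outcome of each attempt."""
    events = []
    for line in text.splitlines():
        m = SERVER_AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{m['mon']} {m['day']} {m['year']} {m['time']}",
                               "%b %d %Y %H:%M:%S").replace(microsecond=int(m["usec"]))
        events.append({"time": ts, "user": m["user"], "mech": m["mech"],
                       "outcome": m["outcome"]})
    return events


def correlate(client_events, server_events, window_seconds=2):
    """Pair each client bind failure with server events for the same user
    whose timestamp lies within window_seconds of it."""
    pairs = []
    for c in client_events:
        for s in server_events:
            delta = abs((c["time"] - s["time"]).total_seconds())
            if c["user"] == s["user"] and delta <= window_seconds:
                pairs.append((c, s))
    return pairs


def summarize_mechanisms(server_events):
    """user -> mechanism -> {outcome: count}, e.g. which mechanisms ever succeed."""
    summary = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for s in server_events:
        summary[s["user"]][s["mech"]][s["outcome"]] += 1
    return {u: {m: dict(o) for m, o in mechs.items()} for u, mechs in summary.items()}


if __name__ == "__main__":
    client = parse_client(CLIENT_LOG, 2015)
    server = parse_server(SERVER_LOG)
    for c, s in correlate(client, server):
        print(f"{c['time']} {c['host']} bind as {c['dn']!r} -> {c['reason']}; "
              f"server saw {s['mech']} {s['outcome']} at {s['time']}")
    print(summarize_mechanisms(server))
```

Run as-is, the correlation pairs the 16:27:51 client bind failure with the server's CRAM-MD5 failure for testdoc6 (the 16:20:23 DIGEST-MD5 success is minutes away and stays unpaired), and the summary shows per user which mechanism the password server accepted. The script only lines the evidence up; it does not decide why one mechanism fails.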