From: Jaime Kikpole
Date: Thu, 23 Apr 2015 17:25:50 -0400
Subject: LDAP bind to Open Directory
To: freebsd-questions@freebsd.org
I *think* I have a FreeBSD system set up as an LDAP client. I could be wrong about that, but it looks like I've got everything but password checks. I was hoping someone here could help.

I made a new VM with FreeBSD 10.1. I have pam_ldap and nss_ldap installed and (as far as I can tell) configured. I added a line to /etc/pam.d/sshd to enable LDAP accounts to log in over SSH. I figured this was a place to test. I can still SSH as a local user, but LDAP users aren't authenticating.

When the LDAP user "testdoc6" tries to SSH in, /var/log/messages shows this:

Apr 23 16:27:51 fstest1 sshd[819]: pam_ldap: error trying to bind as user "uid=testdoc6,cn=users,dc=dir,dc=cairodurham,dc=org" (Invalid credentials)
Apr 23 16:27:51 fstest1 sshd[815]: error: PAM: authentication error for illegal user testdoc6 from 10.1.20.24

On the LDAP server, I see messages like this:

Apr 23 2015 16:27:51 520401us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} CRAM-MD5 authentication failed, SASL error -13 (password incorrect).

By contrast, when I successfully log in to an old Mac file server with testdoc6, the directory server shows this:

Apr 23 2015 16:20:23 783104us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} DIGEST-MD5 authentication succeeded.

The directory server's messages appear in what Apple named "Password Service Server Log".

Can anyone help me figure out what I did wrong?

-- 
Jaime Kikpole
Network Administrator
Cairo-Durham Central School District
Technical Support: help@cairodurham.org
go.cairodurham.org/techtips
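An added example, not part of the original post and not pam_ldap's or Apple's code: a small Python script that pulls the user, SASL mechanism and outcome out of the two log formats quoted in the message (pam_ldap's syslog line and Apple's Password Service Server Log) and reports, per account, which mechanisms failed and which succeeded. The sample lines are the ones quoted in the post plus one constructed line for a second user; the function names and the `mechanism_mismatches` check are the example's own.

```python
"""Correlate pam_ldap bind failures with Open Directory Password Service
AUTH2 lines to see which SASL mechanism each client negotiated per user."""
import re
from collections import defaultdict

# Constructed sample input: the two sshd/pam_ldap lines quoted in the post.
SYSLOG_LINES = [
    'Apr 23 16:27:51 fstest1 sshd[819]: pam_ldap: error trying to bind as user '
    '"uid=testdoc6,cn=users,dc=dir,dc=cairodurham,dc=org" (Invalid credentials)',
    'Apr 23 16:27:51 fstest1 sshd[815]: error: PAM: authentication error for '
    'illegal user testdoc6 from 10.1.20.24',
]

# Constructed sample input: the two Password Service lines quoted in the post,
# plus one invented line for a second user (testdoc7) whose CRAM-MD5 bind works.
PWS_LINES = [
    "Apr 23 2015 16:20:23 783104us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, "
    "testdoc6} DIGEST-MD5 authentication succeeded.",
    "Apr 23 2015 16:27:51 520401us AUTH2: {0x2eef29585ec611e495c7406c8f39f47e, "
    "testdoc6} CRAM-MD5 authentication failed, SASL error -13 (password incorrect).",
    "Apr 23 2015 16:30:02 118822us AUTH2: {0x0000000000000000000000000000abcd, "
    "testdoc7} CRAM-MD5 authentication succeeded.",
]

PAM_BIND_RE = re.compile(
    r'pam_ldap: error trying to bind as user "(?P<dn>[^"]+)" \((?P<reason>[^)]+)\)'
)
PWS_AUTH_RE = re.compile(
    r"AUTH2: \{(?P<slot>0x[0-9a-fA-F]+), (?P<user>[^}]+)\} (?P<mech>\S+) "
    r"authentication (?P<result>succeeded|failed)"
    r"(?:, SASL error (?P<code>-?\d+) \((?P<detail>[^)]*)\))?"
)


def uid_from_dn(dn):
    """Return the value of a leading uid= RDN, or None for any other DN.

    Only the first RDN is examined; pam_ldap builds these DNs from a plain
    login name, so escaped commas inside values are not a concern here.
    """
    attr, sep, value = dn.split(",", 1)[0].partition("=")
    if sep and attr.strip().lower() == "uid":
        return value.strip()
    return None


def parse_pam_bind_failures(lines):
    """Extract uid, DN and server-reported reason from pam_ldap bind errors."""
    out = []
    for line in lines:
        m = PAM_BIND_RE.search(line)
        if m:
            out.append({"uid": uid_from_dn(m.group("dn")),
                        "dn": m.group("dn"), "reason": m.group("reason")})
    return out


def parse_password_service(lines):
    """Extract user, mechanism, outcome and SASL error code from AUTH2 lines."""
    out = []
    for line in lines:
        m = PWS_AUTH_RE.search(line)
        if m:
            out.append({"user": m.group("user"), "mech": m.group("mech"),
                        "ok": m.group("result") == "succeeded",
                        "code": int(m.group("code")) if m.group("code") else None,
                        "detail": m.group("detail")})
    return out


def summarize(syslog_lines, pws_lines):
    """Per user: mechanisms that failed, mechanisms that succeeded, and the
    reasons pam_ldap logged for its failed binds."""
    summary = defaultdict(lambda: {"failed": set(), "succeeded": set(),
                                   "pam_reasons": []})
    for ev in parse_password_service(pws_lines):
        summary[ev["user"]]["succeeded" if ev["ok"] else "failed"].add(ev["mech"])
    for ev in parse_pam_bind_failures(syslog_lines):
        if ev["uid"]:
            summary[ev["uid"]]["pam_reasons"].append(ev["reason"])
    return dict(summary)


def mechanism_mismatches(summary):
    """Users whose pam_ldap binds failed, where every mechanism that failed is
    one that never succeeded for the account while another mechanism did.
    That pattern says the negotiated mechanism is worth checking before the
    password itself. Returns (user, failed_mechs, succeeded_mechs) tuples."""
    hits = []
    for user, s in sorted(summary.items()):
        if (s["pam_reasons"] and s["failed"] and s["succeeded"]
                and not (s["failed"] & s["succeeded"])):
            hits.append((user, sorted(s["failed"]), sorted(s["succeeded"])))
    return hits


if __name__ == "__main__":
    for user, s in sorted(summarize(SYSLOG_LINES, PWS_LINES).items()):
        print(user, "failed:", sorted(s["failed"]), "ok:", sorted(s["succeeded"]),
              "pam:", s["pam_reasons"])
    for user, failed, ok in mechanism_mismatches(summarize(SYSLOG_LINES, PWS_LINES)):
        print(f"{user}: client negotiated {failed} but only {ok} has succeeded")
```

Seeing a failing mechanism beside a succeeding one for the same account separates "wrong password" from "the client and server disagree on the mechanism". The bind can also be reproduced outside PAM with the OpenLDAP command-line tools: `ldapwhoami -x -D "uid=testdoc6,cn=users,dc=dir,dc=cairodurham,dc=org" -W -H ldap://SERVER` performs a simple bind, while `ldapwhoami -Y CRAM-MD5 -U testdoc6 -H ldap://SERVER` forces the SASL mechanism the Password Service log shows failing; `SERVER` stands for the directory host, which the post does not name.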