From: Jon Adams <jkadams@computer.org>
Date: Sun, 21 Nov 2004 17:36:14 -0500
To: Jon Adams
cc: freebsd-questions@freebsd.org
Message-ID: <41A1185E.9070506@computer.org>
In-Reply-To: <41A0952B.4010107@computer.org>
Subject: Almost have NSS/PAM/LDAP... need a lil help (was Re: Looking for a good NSS/Pam_LDAP/Open LDAP how-to for 5.x)

After much banging my head against the desk, I have it kinda working... I can su - to a user (from root) and get the home directory... but... and I have tried PLAIN, CRYPT, and SSHA passwords... I cannot login, su - (when prompted for a password), or ssh in...
Here are some of the conf files:

east# more /usr/local/etc/pam_ldap/ssh.conf
host 127.0.0.1
port 389
base dc=all,dc=net
ldap_version 3
ssl off
tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
tls_checkpeer no
pam_login_attribute uid

east# cat /etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth		sufficient	/usr/local/lib/pam_ldap.so	no_warn try_first_pass config=/usr/local/etc/pam_ldap/ssh.conf
auth		required	pam_nologin.so			no_warn
auth		sufficient	pam_opie.so			no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so		no_warn allow_local
#auth		sufficient	pam_krb5.so			no_warn try_first_pass
#auth		sufficient	pam_ssh.so			no_warn try_first_pass
auth		required	pam_unix.so			no_warn try_first_pass

# account
#account	required	pam_krb5.so
account		sufficient	/usr/local/lib/pam_ldap.so	config=/usr/local/etc/pam_ldap/ssh.conf
account		required	pam_login_access.so
account		required	pam_unix.so

# session
#session	optional	pam_ssh.so
session		sufficient	/usr/local/lib/pam_ldap.so	config=/usr/local/etc/pam_ldap/ssh.conf
session		required	pam_permit.so

# password
#password	sufficient	pam_krb5.so			no_warn try_first_pass
password	sufficient	/usr/local/lib/pam_ldap.so	config=/usr/local/etc/pam_ldap/ssh.conf
password	required	pam_unix.so			no_warn try_first_pass

east# more /usr/local/etc/ldap.conf
rootbinddb cn=Manager,dc=all,dc=net
uri ldaps://69.17.104.19:636/
binddn cn=Manager,dc=all,dc=net
ssl yes
bindpw ________
port 636
nss_base_passwd ou=People,dc=all,dc=net?one
nss_base_group ou=Groups,dc=all,dc=net?one
pam_password SSHA

> uname -a
FreeBSD east 5.1-RELEASE FreeBSD 5.1-RELEASE #3: Tue Nov 9 22:43:42 GMT 2004     jka@nitro:/usr/src/sys/i386/compile/ORACLE  i386
(I put in the Oracle-required changes and some TCP/IP related stuff)

> ./slapd -VV
@(#) $OpenLDAP: slapd 2.2.18 (Nov 21 2004 02:33:07) $
	jka@east:/usr/ports/net/openldap22-sasl-server/work/openldap-2.2.18/servers/slapd

> sshd -v
sshd version OpenSSH_3.6.1p1 FreeBSD-20030423

strings on slappasswd shows the following are compiled in:

{SSHA} {CRYPT} {SHA} {MD5} {LANMAN} {SASL} {UNIX} {CLEARTEXT}

Jon Adams wrote:
> I tried this one:
> http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
>
> and it emphatically does not work, and I followed it to the letter....
> I think it has something to do with NSS only using SSL/port 636.
>
> so then I tried it with that added.... still no dice
>
> Help!
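The post tries PLAIN, CRYPT and SSHA passwords and lists the schemes slappasswd has compiled in. When a bind keeps failing, one useful check is to take the userPassword value actually stored in the directory and verify the cleartext against it offline, independent of PAM and NSS. The following is an added example, not code from the post or from OpenLDAP; it reproduces the {SCHEME}base64(digest+salt) layout that slappasswd -h {SSHA} emits for the SSHA, SMD5, SHA, MD5 and CLEARTEXT schemes (CRYPT, LANMAN and SASL are not handled here), and the sample passwords and salt are constructed for the test.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Digest function and digest length in bytes for each scheme handled here.
_DIGEST = {"SSHA": (hashlib.sha1, 20), "SHA": (hashlib.sha1, 20),
           "SMD5": (hashlib.md5, 16), "MD5": (hashlib.md5, 16)}


def make_userpassword(scheme: str, password: str, salt: Optional[bytes] = None) -> str:
    """Build a userPassword value in the layout slappasswd uses:
    {SCHEME}base64(digest [+ salt]). Salted schemes (SSHA, SMD5) get a
    random 4-byte salt unless one is supplied."""
    scheme = scheme.upper()
    pw = password.encode("utf-8")
    if scheme == "CLEARTEXT":
        return "{CLEARTEXT}" + password
    algo, _ = _DIGEST[scheme]
    if scheme in ("SSHA", "SMD5"):
        salt = os.urandom(4) if salt is None else salt
        blob = algo(pw + salt).digest() + salt   # salt is appended after the digest
    else:
        blob = algo(pw).digest()
    return "{%s}%s" % (scheme, base64.b64encode(blob).decode("ascii"))


def verify_userpassword(stored: str, password: str) -> bool:
    """Return True if the cleartext password matches the stored userPassword."""
    pw = password.encode("utf-8")
    if not stored.startswith("{"):
        # No scheme prefix: slapd compares the raw octets of the attribute.
        return hmac.compare_digest(stored.encode("utf-8"), pw)
    scheme, _, payload = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(payload.encode("utf-8"), pw)
    if scheme not in _DIGEST:
        # {CRYPT}, {LANMAN}, {SASL} etc. would need their own handling.
        raise ValueError("unsupported userPassword scheme {%s}" % scheme)
    algo, size = _DIGEST[scheme]
    raw = base64.b64decode(payload)
    digest, salt = raw[:size], raw[size:]   # whatever follows the digest is the salt
    return hmac.compare_digest(algo(pw + salt).digest(), digest)
```

Paste the userPassword value from an ldapsearch of the user entry into verify_userpassword to confirm the directory holds a hash the cleartext actually matches before suspecting the PAM or NSS side.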