From owner-freebsd-questions@FreeBSD.ORG  Wed Oct  6 16:59:58 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9DE461065675
	for <freebsd-questions@freebsd.org>;
	Wed,  6 Oct 2010 16:59:58 +0000 (UTC)
	(envelope-from dan@dan.emsphone.com)
Received: from email1.allantgroup.com (email1.emsphone.com [199.67.51.115])
	by mx1.freebsd.org (Postfix) with ESMTP id 38A078FC24
	for <freebsd-questions@freebsd.org>;
	Wed,  6 Oct 2010 16:59:57 +0000 (UTC)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by email1.allantgroup.com (8.14.0/8.14.0) with ESMTP id o96Gxs89032582
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Wed, 6 Oct 2010 11:59:54 -0500 (CDT)
	(envelope-from dan@dan.emsphone.com)
Received: from dan.emsphone.com (smmsp@localhost [127.0.0.1])
	by dan.emsphone.com (8.14.4/8.14.4) with ESMTP id o96Gxshl060357
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Wed, 6 Oct 2010 11:59:54 -0500 (CDT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.14.4/8.14.4/Submit) id o96Gxrpm060340;
	Wed, 6 Oct 2010 11:59:53 -0500 (CDT) (envelope-from dan)
Date: Wed, 6 Oct 2010 11:59:53 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Kevin Mai <kma@mrecic.gov.ar>
Message-ID: <20101006165953.GN40148@dan.emsphone.com>
References: <1258599465.73510.1286378314723.JavaMail.root@mrelmx10.mrec.ar>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1258599465.73510.1286378314723.JavaMail.root@mrelmx10.mrec.ar>
X-OS: FreeBSD 8.1-STABLE
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Virus-Scanned: clamav-milter 0.96 at email1.allantgroup.com
X-Virus-Status: Clean
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2
	(email1.allantgroup.com [199.67.51.78]);
	Wed, 06 Oct 2010 11:59:55 -0500 (CDT)
X-Scanned-By: MIMEDefang 2.45
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: LDAP Authentication from console
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2010 16:59:58 -0000

In the last episode (Oct 06), Kevin Mai said:
> Hey guys, 
> 
> I've already configured PAM to authenticate against ldap and it works
> wonderful using ssh/su/sudo/etc, but when I try to log in from console it
> prompts:
> 
> login: kma 
> Password: xxxxxxxx 
> LDAP Password: xxxxxxxx (same as the first one) 
> Login Incorrect 
> login: 

Compare /etc/pam.d/login against one of your other pam services that works. 
What I do on my servers is add pam_ldap to pam.d/system, then blow away most
of the lines in the other files and replace them with

auth            include         system
account         include         system
session         include         system
password        include         system

, so I know everything uses the same configuration.

-- 
	Dan Nelson
	dnelson@allantgroup.com