From owner-freebsd-questions@FreeBSD.ORG Wed Oct 6 17:02:58 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B43071065674 for ; Wed, 6 Oct 2010 17:02:58 +0000 (UTC) (envelope-from jhelfman@e-e.com) Received: from mail.experts-exchange.com (mail.experts-exchange.com [72.29.183.251]) by mx1.freebsd.org (Postfix) with ESMTP id 8D8308FC0C for ; Wed, 6 Oct 2010 17:02:58 +0000 (UTC) Received: from mail.experts-exchange.com (localhost [127.0.0.1]) by mail.experts-exchange.com (Postfix) with ESMTP id 251F7F2F38A; Wed, 6 Oct 2010 10:02:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=e-e.com; h= user-agent:in-reply-to:content-disposition:content-type :content-type:mime-version:references:message-id:subject:subject :from:from:date:date:received:received:received; s=ee; t= 1286384578; x=1288198978; bh=lKiiO/DSzt1uMyPVa9pBCDsr3Kyzei98i+r oMk5xLEw=; b=enSYP7O4iT5qzzF1m0K1HdJ1zCgebfXOXZeaFimNX3Un6ZJfM6V +euiudiJSANKPybkEQtUau26/2y3T70GphOYeaQqq5X+CgkX8h44j58pI7FTIs9h +pZ+0htVIBHU9N1gWTIpLJHYOLp2lyAQpgIfg0pG1+eN/Wo8LeAOoLpY= X-Virus-Scanned: amavisd-new at experts-exchange.com Received: from mail.experts-exchange.com ([127.0.0.1]) by mail.experts-exchange.com (mail.experts-exchange.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f5oe2ulANFf6; Wed, 6 Oct 2010 10:02:58 -0700 (PDT) Received: from eggman.experts-exchange.com (unknown [192.168.103.122]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jhelfman) by mail.experts-exchange.com (Postfix) with ESMTPSA id 93C72F2F36E; Wed, 6 Oct 2010 10:02:56 -0700 (PDT) Received: by eggman.experts-exchange.com (sSMTP sendmail emulation); Wed, 06 Oct 2010 10:00:08 -0700 Date: Wed, 6 Oct 2010 10:00:08 -0700 From: Jason To: Dan Nelson Message-ID: <20101006170008.GC79870@eggman.experts-exchange.com> References: <1258599465.73510.1286378314723.JavaMail.root@mrelmx10.mrec.ar> <20101006165953.GN40148@dan.emsphone.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20101006165953.GN40148@dan.emsphone.com> X-Operating-System: FreeBSD 7.3-RELEASE-p2 X-Living-The-Dream: I love the SLO Life! User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-questions , Kevin Mai Subject: Re: LDAP Authentication from console X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Oct 2010 17:02:58 -0000 On Wed, Oct 06, 2010 at 11:59:53AM -0500, Dan Nelson thus spake: >In the last episode (Oct 06), Kevin Mai said: >> Hey guys, >> >> I've already configured PAM to authenticate against ldap and it works >> wonderful using ssh/su/sudo/etc, but when I try to log in from console it >> prompts: >> >> login: kma >> Password: xxxxxxxx >> LDAP Password: xxxxxxxx (same as the first one) >> Login Incorrect >> login: > >Compare /etc/pam.d/login against one of your other pam services that works. >What I do on my servers is add pam_ldap to pam.d/system, then blow away most >of the lines in the other files and replace them with > >auth include system >account include system >session include system >password include system > >, so I know everything uses the same configuration. Back when I had used LDAP for authentication I also needed to edit /etc/nsswitch.conf Not sure if this is still the case, or if I was doing it incorrectly, however not having didn't give me the ability to login via ldap. -jgh