Date: Wed, 6 Oct 2010 15:59:28 -0400 (EDT)
From: Kevin Mai <kma@mrecic.gov.ar>
To: Jason <jhelfman@e-e.com>
Cc: Dan Nelson <dnelson@allantgroup.com>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: LDAP Authentication from console
Message-ID: <153688316.74346.1286395168789.JavaMail.root@mrelmx10.mrec.ar>
In-Reply-To: <1055203947.74344.1286395101949.JavaMail.root@mrelmx10.mrec.ar>

Logins over ssh and sudo work great with ldap, but when I try to log in from
console, it prompts me twice for the password.

If I put a wrong password it prints out that it cannot bind to the ldap
server, which means that I'm able to bind to ldap, but cannot log in for
some reason.

What is the specific file in pam.d/ that is used when authenticating through
a ttyv?

----- Original message -----
From: "Jason" <jhelfman@e-e.com>
To: "Dan Nelson" <dnelson@allantgroup.com>
CC: "Kevin Mai" <kma@mrecic.gov.ar>, "freebsd-questions" <freebsd-questions@freebsd.org>
Sent: Wednesday, 6 October 2010 14:00:08
Subject: Re: LDAP Authentication from console

On Wed, Oct 06, 2010 at 11:59:53AM -0500, Dan Nelson thus spake:
>In the last episode (Oct 06), Kevin Mai said:
>> Hey guys,
>>
>> I've already configured PAM to authenticate against ldap and it works
>> wonderful using ssh/su/sudo/etc, but when I try to log in from
>> console it prompts:
>>
>> login: kma
>> Password: xxxxxxxx
>> LDAP Password: xxxxxxxx (same as the first one)
>> Login Incorrect
>> login:
>
>Compare /etc/pam.d/login against one of your other pam services that
>works. What I do on my servers is add pam_ldap to pam.d/system, then
>blow away most of the lines in the other files and replace them with
>
>auth include system
>account include system
>session include system
>password include system
>
>, so I know everything uses the same configuration.

Back when I had used LDAP for authentication I also needed to edit
/etc/nsswitch.conf

Not sure if this is still the case, or if I was doing it incorrectly, however
not having didn't give me the ability to log in via ldap.

-jgh

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?153688316.74346.1286395168789.JavaMail.root>
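
Dan Nelson's suggestion to compare /etc/pam.d/login with a working service, as an added example that is not part of the thread: it expands `include` lines and diffs the resulting module chains per facility. The policy files in SAMPLE are constructed (the poster's files are not shown in the thread), and the function names are this example's own.

```python
import difflib
from pathlib import Path

# Constructed sample policies, NOT the poster's files.
SAMPLE = {
    "system": "auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass\n"
              "auth required pam_unix.so no_warn try_first_pass\n"
              "account required pam_unix.so\n",
    "sshd":   "auth include system\naccount include system\n",
    "login":  "# console logins\n"
              "auth sufficient pam_self.so no_warn\n"
              "auth required pam_unix.so no_warn try_first_pass\n"
              "account include system\n",
}

def load_policies(directory="/etc/pam.d"):
    """Read every service file in a pam.d directory into {service: text}."""
    return {p.name: p.read_text() for p in Path(directory).iterdir() if p.is_file()}

def effective_stack(policies, service, facility, seen=()):
    """Module chain for one facility, with `include` lines expanded in place."""
    if service in seen:
        raise ValueError(f"include loop through {service!r}")
    stack = []
    for raw in policies[service].splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 3 or fields[0] != facility:
            continue
        control, module, args = fields[1], fields[2], fields[3:]
        if control == "include":                    # `module` names another service
            stack += effective_stack(policies, module, facility, seen + (service,))
        else:                                       # compare modules by file name only
            stack.append(" ".join([control, Path(module).name, *args]))
    return stack

def compare(policies, working, failing):
    """Return {facility: diff lines} for every facility whose chains differ."""
    report = {}
    for facility in ("auth", "account", "session", "password"):
        good = effective_stack(policies, working, facility)
        bad = effective_stack(policies, failing, facility)
        if good != bad:
            report[facility] = list(difflib.unified_diff(
                good, bad, working, failing, lineterm="", n=0))
    return report

if __name__ == "__main__":
    for facility, lines in compare(SAMPLE, "sshd", "login").items():
        print(f"[{facility}]", *lines, sep="\n")
```

To check a live system, pass `load_policies()` in place of `SAMPLE`, with the working and failing service names as the other two arguments.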