Date: Wed, 6 Oct 2010 15:59:28 -0400 (EDT)
From: Kevin Mai
To: Jason
Cc: Dan Nelson, freebsd-questions
Subject: Re: LDAP Authentication from console

Logins over ssh and sudo work great with ldap, but when I try to log in from console, it prompts me twice for the password.

If I put a wrong password it prints out that it cannot bind to the ldap server, which means that I'm able to bind to ldap, but cannot log in for some reason.

What is the specific file in pam.d/ that is used when authenticating through a ttyv?

----- Original Message -----
From: "Jason"
To: "Dan Nelson"
CC: "Kevin Mai", "freebsd-questions"
Sent: Wednesday, October 6, 2010 14:00:08
Subject: Re: LDAP Authentication from console

On Wed, Oct 06, 2010 at 11:59:53AM -0500, Dan Nelson thus spake:
>In the last episode (Oct 06), Kevin Mai said:
>> Hey guys,
>>
>> I've already configured PAM to authenticate against ldap and it works
>> wonderful using ssh/su/sudo/etc, but when I try to log in from console it
>> prompts:
>>
>> login: kma
>> Password: xxxxxxxx
>> LDAP Password: xxxxxxxx (same as the first one)
>> Login Incorrect
>> login:
>
>Compare /etc/pam.d/login against one of your other pam services that
>works. What I do on my servers is add pam_ldap to pam.d/system, then
>blow away most of the lines in the other files and replace them with
>
>auth include system
>account include system
>session include system
>password include system
>
>, so I know everything uses the same configuration.

Back when I had used LDAP for authentication I also needed to edit /etc/nsswitch.conf

Not sure if this is still the case, or if I was doing it incorrectly, however not having didn't give me the ability to login via ldap.

-jgh
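
One way to carry out the comparison of /etc/pam.d/login against a working service suggested in the quoted reply, as an added example that is not part of the original thread: a Python script that expands `include` lines and lists the entries found in only one service's effective stack. The file contents in `SAMPLE` are constructed for illustration, the function names are hypothetical, and the parser assumes the simple `facility control module args` line format.

```python
"""Compare the effective PAM stacks of two services, expanding `include` lines."""
from pathlib import Path

# Constructed sample files, for illustration only (not the thread's real config).
SAMPLE = {
    "system": "auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass\n"
              "auth required pam_unix.so no_warn try_first_pass nullok\n"
              "account required pam_unix.so\n",
    "sshd":   "auth include system\naccount include system\n",
    "login":  "auth sufficient pam_self.so no_warn\n"
              "auth sufficient /usr/local/lib/pam_ldap.so no_warn  # args differ\n"
              "auth required pam_unix.so no_warn try_first_pass nullok\n"
              "account requisite pam_securetty.so\n"
              "account required pam_nologin.so\n"
              "account include system\n",
}

def load_dir(path="/etc/pam.d"):
    """Read every service file in a pam.d directory into {name: text}."""
    return {p.name: p.read_text() for p in Path(path).iterdir() if p.is_file()}

def effective_stack(files, service, facility, _seen=()):
    """Return [(control, module, args)] for one facility, expanding includes."""
    if service in _seen:
        raise ValueError(f"include loop at {service}")
    stack = []
    for raw in files[service].splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 3 or fields[0] != facility:
            continue
        control, target, args = fields[1], fields[2], tuple(fields[3:])
        if control == "include":                   # target names another service
            stack += effective_stack(files, target, facility, _seen + (service,))
        else:                                      # compare modules by file name
            stack.append((control, target.rsplit("/", 1)[-1], args))
    return stack

def diff_stacks(files, good, bad, facility):
    """Entries present in only one of the two services' effective stacks."""
    a = effective_stack(files, good, facility)
    b = effective_stack(files, bad, facility)
    return [e for e in a if e not in b], [e for e in b if e not in a]

if __name__ == "__main__":
    for facility in ("auth", "account", "session", "password"):
        only_good, only_bad = diff_stacks(SAMPLE, "sshd", "login", facility)
        for tag, entries in (("sshd only", only_good), ("login only", only_bad)):
            for control, module, args in entries:
                print(f"{facility:8} {tag:10} {control:10} {module} {' '.join(args)}")
```

To run it against a live system, pass `load_dir()` in place of `SAMPLE`.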