Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0 ?
Paul Schmehl
pauls at utdallas.edu
Thu Mar 27 07:51:28 PDT 2008
--On Thursday, March 27, 2008 11:17:26 +0100 Frank Bonnet <f.bonnet at esiee.fr>
wrote:
>>
>> Setting up pam ldap ssh access on a FreeBSD box takes less than five
>> minutes *after* installing the correct ports.
>>
>> 1) net/openldap-client
>> 2) security/pam_ldap
>>
>> Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
>> host {your ldap server(s) either hostname(s) or ip(s) in a
>> space-separate list
>> dc (your dn)
>>
>> Then configure /etc/pam.d/sshd thus:
>> auth sufficient /usr/local/lib/pam_ldap.so no_warn
>> try_first_pass
>>
>> That's all that is needed.
>>
>
> That's what I did , I use nss_ldap and pam_ldap since a long time now
> on many platforms and that is what do not work
>
Time to troubleshoot. Is the ldap server reachable? Is your search base
correct? Is a firewall blocking you? Is the ldap server running on a
non-standard port?
Something is wrong, but if you configured it the same way as I described, then
the problem lies elsewhere.
>
>
>> If it doesn't work, fire up wireshark (port) or tcpdump (base) and see
>> what the problem is.
>
> at the very last extremity why not ?
>
I'm afraid I don't follow you here.
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
More information about the freebsd-questions
mailing list