User authentication on Linux with FreeBSD OpenLDAP backend
fails: pam_ldap: error trying to bind as user/Failed password for
Dan Nelson
dnelson at allantgroup.com
Fri Mar 18 16:03:02 UTC 2011
In the last episode (Mar 18), O. Hartmann said:
> I try to use a FreeBSD OpenLDAP (FreeBSD 8.2-STABLE/amd64, most recent
> OpenLDAP/openldap-sasl-server-2.4.24) as an authentication backend for an
> UBUNTU 10.10 server (using openldap 2.4.23).
>
> Most of the installation on the Ubuntu server has been successfully done
> (I'm not familiar with Linux, but it seems that things like pam and ldap
> are quite similar to FreeBSD's installation).
>
> From the Linux/Ubuntu server, I'm able to get all users and groups via
> 'getent passwd' and 'getent group', even 'id' on an OpenLDAP backed up
> user is successfully.
>
> But when it comes to a login via sshd, login fails with this error
> (loged on Linux Ubuntu in /var/log/auth.log):
>
> Mar 18 12:01:00 freyja sshd[26824]: Failed password for testuser from 192.168.0.128 port 40734 ssh2
> Mar 18 12:01:23 freyja sshd[26854]: pam_ldap: error trying to bind as user "uid=testuser,ou=users,dc=geoinf,dc=freyja,dc=com" (Confidentiality required)
"Confidentiality required" means that the server is refusing to authenticate
over a non-encrypted connection. Try switching pam_ldap to ldaps (in your
pam ldap.conf, either change your "uri" lines to ldaps:// or add the line
"ssl on") and see if that works.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list