Dick Davies rasputnik at
Fri Oct 1 02:32:17 PDT 2004

* Bret Walker <bret-walker at> [1028 00:28]:
> I've been trying all day to get pam_ldap to authenticate an ssh session
> against Active Directory.  I thought that I had found the perfect HOWTO
> (read: one that didn't require nss_ldap), but its instructions didn't seem
> to get it working on my system.
> I've read that can authenticate to AD with pam_ldap alone, and I've read
> that you can't, as well.  Does anyone have any experience doing this w/o
> nss_ldap.  I'm running 4.10, and I don't think it has support for
> nss_ldap.
> If anyone has any advice, I'd love to hear it.

You're not going to need nss_ldap if you just want to validate a password.
But it sounds a bit odd to have existing users in /etc/passwd and only have
the password itself from AD - and if the users don't exist in /etc/passwd
the system won't be able to log them in.

What was the howto you used?

I think it is true for all _n. I was just playing it safe with _n >= 3
because I couldn't remember the proof.
		-- Baker, Pure Math 351a
Rasputin :: Jack of All Trades - Master of Nuns

More information about the freebsd-questions mailing list