Pam_ldap

Dick Davies rasputnik at hellooperator.net
Fri Oct 1 07:03:27 PDT 2004


Right, basically this is doing what I thought - just checking passwords
in AD without looking up user info, so the accounts need to exist on the bsd server
(that may become a real pain in the arse, by the way).

couple of quick checks;

1) the ldap.conf referred to should be /usr/local/etc/ldap.conf *NOT*
/etc/openldap/ldap.conf

2) can you log onto the console as these users? If you're sshing you may need
to edit /etc/pam.d/sshd, and not login.


3) what's in your logs? If you have the 'debug' flag on, something will be getting
written to - check /var/log/secure and /var/log/messages


* Bret Walker <bret-walker at northwestern.edu> [1043 13:43]:
> It is here: http://www.netsys.com/pamldap/2002/04/msg00074.html
> 
> Thanks,
> Bret
> 
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Dick Davies
> Sent: Friday, October 01, 2004 4:31 AM
> To: Bret Walker
> Cc: FreeBSD Questions
> Subject: Re: Pam_ldap
> 
> 
> * Bret Walker <bret-walker at northwestern.edu> [1028 00:28]:
> > I've been trying all day to get pam_ldap to authenticate an ssh 
> > session against Active Directory.  I thought that I had found the 
> > perfect HOWTO
> > (read: one that didn't require nss_ldap), but its instructions didn't
> > seem to get it working on my system.
> > 
> > I've read that you can authenticate to AD with pam_ldap alone, and I've 
> > read that you can't, as well.  Does anyone have any experience doing 
> > this w/o nss_ldap?  I'm running 4.10, and I don't think it has support 
> > for nss_ldap.
> > 
> > If anyone has any advice, I'd love to hear it.
> 
> You're not going to need nss_ldap if you just want to validate a password.
> But it sounds a bit odd to have existing users in /etc/passwd and only
> have the password itself from AD - and if the users don't exist in
> /etc/passwd the system won't be able to log them in.
> 
> What was the howto you used?

-- 
Yeah, life is hilariously cruel. - Bender
Rasputin :: Jack of All Trades - Master of Nuns
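
The checks listed in the reply above, written as a shell script. This is an added example, not part of the original thread: the function names, the constructed demo files and the choice to take every path as a parameter are assumptions made here, and the PAM service file layout is the /etc/pam.d style the message refers to.

```shell
#!/bin/sh
# Added example: checks for a pam_ldap-only setup (password checked in the
# directory, account data still local). All paths are passed as parameters.

# Return 0 if the account has an entry in the local passwd file.
# pam_ldap alone only verifies the password, so the account must exist here.
local_account_exists() {
    # $1 = user name, $2 = passwd file (default /etc/passwd)
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# Return 0 if the PAM service file has an uncommented pam_ldap line.
pam_service_uses_ldap() {
    # $1 = PAM service file, e.g. /etc/pam.d/sshd for ssh logins
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -q 'pam_ldap'
}

# Run all checks, print each finding, return the number of problems.
check_pam_ldap_setup() {
    # $1 = user, $2 = PAM service file, $3 = passwd file, $4 = ldap.conf
    problems=0
    if ! local_account_exists "$1" "$3"; then
        echo "no local account for '$1' in $3"
        problems=$((problems + 1))
    fi
    if ! pam_service_uses_ldap "$2"; then
        echo "no active pam_ldap line in $2"
        problems=$((problems + 1))
    fi
    if [ ! -r "$4" ]; then
        echo "ldap.conf not readable at $4"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on constructed files (not taken from the thread): the account exists,
# but the pam_ldap line is commented out and ldap.conf is missing.
demo() {
    d=$(mktemp -d) || return 99
    printf 'bret:*:1001:1001:Bret:/home/bret:/bin/sh\n' > "$d/passwd"
    printf '#auth sufficient pam_ldap.so\nauth required pam_unix.so\n' > "$d/sshd"
    check_pam_ldap_setup bret "$d/sshd" "$d/passwd" "$d/ldap.conf"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a real host the call would be `check_pam_ldap_setup <user> /etc/pam.d/sshd /etc/passwd /usr/local/etc/ldap.conf`, followed by a look at /var/log/secure and /var/log/messages as the reply suggests.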

