LDAP authentication problems

Pavel Duda element at email.cz
Sun Feb 12 06:46:07 PST 2006


Robert Slade wrote:
> On Sun, 2006-02-12 at 13:37, Pavel Duda wrote:
> 
>>Hi,
>>I have problems getting LDAP authentication working (pam_ldap) and after 
>>two days of struggle I'm almost giving up...
>>
>>I've tried a few howtos like the one from samba.idealx.org but without 
>>success. First I wanted to run a Samba PDC on FreeBSD, but I got stuck on 
>>pam_ldap authentication.
>>
>>Now I can:
>>- browse LDAP database with ldapsearch or from other machine with LDAP 
>>browser
>>- I'm able to use ldapsearch with user account created in this database ie.:
>>'ldapsearch -D "uid=testuser,ou=Users,dc=OHRADNI,dc=NET" -W'
>>'Enter LDAP Password: mypassword'
>>'[will list all entries]'
>>
>>But when I try to use it for authentication it just doesn't work. For 
>>example I can't log in with 'ssh testuser@localhost'.
>>
>>Because I have "loglevel -1" I can see a lot of data in /var/log/debug.log, 
>>but I'm not sure what exactly I should look for in this debug output, 
>>so I don't know if the problem is on the LDAP side or something else in my setup.
>>
>>(I've attached a gzipped part of debug.log)
>>
>>Can somebody help ?
>>Does someone have a working setup of LDAP authentication on FreeBSD 6.0 
>>and would be so kind as to send me a quick howto or give some advice ?
>>
> 
> 
> I used the example on the Samba site, which is also available in the docs
> after Samba is installed. 
> 
> The only issues were that it is written for Linux and hence has
> different file locations and one of the Linux commands does not exist in
> FreeBSD. It is not a direct problem as it is only used for testing.
> 
> Rob 

So you made it work on your system ?
I'm aware that the guide on the Samba site is for Linux and some of the conf files 
are in different locations (like ldap.conf ). I have of course tried two 
howtos specific to FreeBSD too (like http://books.blurgle.ca/ or
http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html).
Still, I'm not able to determine where my main problem is, if it is LDAP 
related or some bad configuration in another part of the whole authentication 
process (or maybe both).

Now I have tried to do
'id testuser'
and it is not able to recognize user and there is no additional output 
in debug.log so system doesn't even contact LDAP. So this could be the 
problem.
I must have something wrong probably in pam.d or nsswitch, but I don't 
know what :-(.
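
The message above narrows the fault to nsswitch or pam.d; as an added example (not part of the original thread or any poster's configuration), this script checks both for an LDAP entry. The function names and sample files are constructed for illustration, and the pam_ldap.so path in the sample is an assumed ports location.

```shell
#!/bin/sh
# Added example: does the name-service switch send passwd/group lookups to
# LDAP, and does a service's PAM auth stack load pam_ldap?

# nss_has_source FILE DATABASE SOURCE -> 0 if SOURCE is listed for DATABASE
# (also accepts FreeBSD's DATABASE_compat pseudo-database)
nss_has_source() {
    awk -v db="$2:" -v dbc="$2_compat:" -v src="$3" '
        { sub(/#.*/, "") }                       # text after "#" never counts
        $1 == db || $1 == dbc { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# pam_has_module FILE FACILITY MODULE -> 0 if a FACILITY line loads MODULE
pam_has_module() {
    awk -v fac="$2" -v mod="$3" '
        { sub(/#.*/, "") }
        $1 == fac { for (i = 3; i <= NF; i++) if (index($i, mod)) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_ldap_login_path NSSWITCH PAM_SERVICE_FILE
# Prints each missing piece; returns 0 only if lookups and auth both reach LDAP.
check_ldap_login_path() {
    rc=0
    for db in passwd group; do
        nss_has_source "$1" "$db" ldap || { echo "nsswitch: $db never consults ldap"; rc=1; }
    done
    pam_has_module "$2" auth pam_ldap || { echo "pam: auth stack does not load pam_ldap"; rc=1; }
    return "$rc"
}

# write_samples DIR: constructed files, one broken pair and one working pair
write_samples() {
    printf 'passwd: files  # ldap\ngroup: files\nhosts: files dns\n' > "$1/nsswitch.broken"
    printf 'passwd: files ldap\ngroup: files ldap  # directory users\n' > "$1/nsswitch.ok"
    printf 'auth required pam_unix.so no_warn try_first_pass\n' > "$1/sshd.broken"
    printf 'auth sufficient /usr/local/lib/pam_ldap.so no_warn\n' > "$1/sshd.ok"
    printf 'auth required pam_unix.so no_warn try_first_pass\n' >> "$1/sshd.ok"
}

# On a real host: sh check.sh /etc/nsswitch.conf /etc/pam.d/sshd
if [ "$#" -eq 2 ]; then check_ldap_login_path "$1" "$2"; fi
```

A missing `ldap` source for `passwd` matches the symptom in the message: `id testuser` fails without any query reaching the LDAP server, so nothing appears in debug.log.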


