"Invalid credentials" errors using pam_ldap on FreeBSD
Per olof Ljungmark
peo at intersonic.se
Fri Jul 18 23:29:39 UTC 2008
Quoting "Stephen Allen" <sdafreebsduk at rowyerboat.com>:
> Hello,
>
> I'm pretty sure I've done all the necessary steps to be able to ssh
> to my FreeBSD box using pam_ldap, but I'm getting "Invalid
> credentials" errors whenever I try (I can successfully perform an
> ldapsearch operation though).
>
> Here are snippets from my config:
>
> [/etc/nsswitch.conf]
> passwd: files ldap
>
> [/etc/pam.d/sshd]
> auth sufficient /usr/local/lib/pam_ldap.so
> auth required pam_unix.so
>
> [/usr/local/etc/ldap.conf]
> base o=brookes
> uri ldap://ldap.brookes.ac.uk:389/
> scope one
>
> And here is the error:
>
> Jul 18 19:19:41 vh1a9f58 sshd[19601]: pam_ldap: error trying to bind
> as user "uid=p0036343,o=Brookes" (Invalid credentials)
>
> Incidentally, the following ldapsearch query _IS_ successful, and
> returns me some details about user 'jsmith'
>
> ldapsearch -H ldap://ldap.brookes.ac.uk -b 'o=brookes' -x -W -D
> 'uid=me,o=Brookes' uid=jsmith
Try to increase the log level in nss_ldap.conf, debug = <level>, and
check /var/log/debug.log.
man nss_ldap(5).
--per