Working /etc/pam.d/sshd file with pam_ldap 6.3 or 7.0?

Paul Schmehl pauls at
Thu Mar 27 07:51:28 PDT 2008

--On Thursday, March 27, 2008 11:17:26 +0100 Frank Bonnet <f.bonnet at> 
>> Setting up pam ldap ssh access on a FreeBSD box takes less than five
>> minutes *after* installing the correct ports.
>> 1) net/openldap-client
>> 2) security/pam_ldap
>> Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
>> host {your ldap server(s), either hostname(s) or ip(s), in a
>> space-separated list}
>> dc (your dn)
>> Then configure /etc/pam.d/sshd thus:
>> auth            sufficient      /usr/local/lib/      no_warn try_first_pass
>> That's all that is needed.
> That's what I did. I have been using nss_ldap and pam_ldap for a long time
> now on many platforms, and that is what does not work.

Time to troubleshoot.  Is the ldap server reachable?  Is your search base 
correct?  Is a firewall blocking you?  Is the ldap server running on a 
non-standard port?

Something is wrong, but if you configured it the same way as I described, then 
the problem lies elsewhere.

>> If it doesn't work, fire up wireshark (port) or tcpdump (base) and see
>> what the problem is.
> At the very last extremity, why not?

I'm afraid I don't follow you here.

Paul Schmehl (pauls at
Senior Information Security Analyst
The University of Texas at Dallas

More information about the freebsd-questions mailing list
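
The troubleshooting questions in the reply above (server reachable, firewall, non-standard port, search base) can be walked through with a short script. This is an added example, not part of the original thread; the function names are hypothetical, the sample config and hostnames are constructed, and it assumes plain `ldap://` with anonymous reads allowed on the server.

```shell
#!/bin/sh
# Constructed sample of a pam_ldap ldap.conf; hosts and base DN are placeholders.
SAMPLE_CONF='# pam_ldap client settings (constructed)
host ldap1.example.org ldap2.example.org
port 1389
base dc=example,dc=org
'

# Print the value of a directive: first match, comments and blank lines skipped.
# $1 = lowercase key, $2 = config file.
conf_get() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Emit one "host port base" line per configured server; port defaults to 389.
ldap_targets() {
    conf=$1
    port=$(conf_get port "$conf"); : "${port:=389}"
    base=$(conf_get base "$conf")
    for h in $(conf_get host "$conf"); do
        echo "$h $port $base"
    done
}

# TCP check first (server down, firewall, wrong port), then an anonymous
# base-scope search to confirm the search base exists on that server.
check_ldap() {
    ldap_targets "$1" | while read -r h p b; do
        if ! nc -z -w 3 "$h" "$p" 2>/dev/null; then
            echo "FAIL $h:$p unreachable (server down, firewall, or wrong port)"
        elif ! ldapsearch -x -H "ldap://$h:$p" -b "$b" -s base -LLL dn >/dev/null 2>&1; then
            echo "FAIL $h:$p reachable, but base '$b' not readable"
        else
            echo "OK   $h:$p base '$b'"
        fi
    done
}

# Demo on the constructed sample (no network needed): list the targets.
tmp=$(mktemp) && printf '%s' "$SAMPLE_CONF" >"$tmp" && ldap_targets "$tmp"; rm -f "$tmp"
# Real use: check_ldap /usr/local/etc/ldap.conf
```

A TCP failure points at the network path or port, while a failed search on a reachable server points at the base DN or the server's access rules.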