LDAP Authentication from console

Kevin Mai kma at mrecic.gov.ar
Wed Oct 6 19:59:31 UTC 2010


Logins over ssh and sudo work great with ldap, but when I try to log in from console, it prompts me twice for the password.

If I put a wrong password it prints out that it cannot bind to the ldap server, which means that I'm able to bind to ldap, but cannot log in for some reason.

What is the specific file in pam.d/ that is used when authenticating through a ttyv?

----- Original Message -----
From: "Jason" <jhelfman at e-e.com>
To: "Dan Nelson" <dnelson at allantgroup.com>
CC: "Kevin Mai" <kma at mrecic.gov.ar>, "freebsd-questions" <freebsd-questions at freebsd.org>
Sent: Wednesday, October 6, 2010 14:00:08
Subject: Re: LDAP Authentication from console

On Wed, Oct 06, 2010 at 11:59:53AM -0500, Dan Nelson thus spake:
>In the last episode (Oct 06), Kevin Mai said:
>> Hey guys,
>>
>> I've already configured PAM to authenticate against ldap and it works
>> wonderfully using ssh/su/sudo/etc, but when I try to log in from
>> console it prompts:
>>
>> login: kma
>> Password: xxxxxxxx
>> LDAP Password: xxxxxxxx (same as the first one)
>> Login Incorrect
>> login:
>
>Compare /etc/pam.d/login against one of your other pam services that
>works. What I do on my servers is add pam_ldap to pam.d/system, then
>blow away most of the lines in the other files and replace them with
>
>auth include system
>account include system
>session include system
>password include system
>
>, so I know everything uses the same configuration.

Back when I had used LDAP for authentication I also needed to edit
/etc/nsswitch.conf

Not sure if this is still the case, or if I was doing it incorrectly,
however not having it didn't give me the ability to log in via ldap.

-jgh
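
Added example, not part of the original messages: the comparison Dan Nelson suggests (/etc/pam.d/login against a service that works) can be done mechanically by flattening each policy's "include" lines and listing what the failing service lacks. The policy files are constructed samples written to a temporary directory, and the function names are hypothetical.

```python
import os
import tempfile

def effective_stack(service, facility, pam_dir, _chain=()):
    """Flatten one facility of a pam.d policy, following `include` lines."""
    if service in _chain:                    # guard against include loops
        return []
    stack = []
    with open(os.path.join(pam_dir, service)) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()   # drop comments
            if len(fields) < 3 or fields[0] != facility:
                continue
            control, target, args = fields[1], fields[2], fields[3:]
            if control == "include":         # target names another policy file
                stack += effective_stack(target, facility, pam_dir,
                                         _chain + (service,))
            else:                            # keep only the module file name
                stack.append((control, os.path.basename(target), tuple(args)))
    return stack

def missing_from(broken, working, facility, pam_dir):
    """Entries in the working service's stack that the broken one lacks."""
    have = set(effective_stack(broken, facility, pam_dir))
    return [e for e in effective_stack(working, facility, pam_dir)
            if e not in have]

def build_sample(pam_dir):
    """Write constructed policy files (not taken from the thread)."""
    sample = {
        "system": "auth sufficient /usr/local/lib/pam_ldap.so no_warn\n"
                  "auth required pam_unix.so no_warn try_first_pass\n",
        "sshd": "# uses the shared policy\nauth include system\n",
        "login": "auth required pam_unix.so no_warn try_first_pass\n",
    }
    for name, text in sample.items():
        with open(os.path.join(pam_dir, name), "w") as fh:
            fh.write(text)

def demo():
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        return missing_from("login", "sshd", "auth", d)

if __name__ == "__main__":
    for control, module, args in demo():
        print("login lacks:", control, module, " ".join(args))
```

On a real host, pass /etc/pam.d as pam_dir and run the comparison for each facility (auth, account, session, password).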

