LDAP bind to Open Directory
markham breitbach
markhamb at corp.ssimicro.com
Fri Apr 24 03:25:26 UTC 2015
Hi,
It looks like you are using a different auth method on the new server:
>> CRAM-MD5 authentication failed.
The old Mac server appears to be using DIGEST-MD5
I'm not sure how that gets configured though. I have always used
LDAP-TLS to ensure that my passwords are protected in transit.
-M
On 2015-04-23 3:25 PM, Jaime Kikpole wrote:
> I *think* I have a FreeBSD system set up as an LDAP client. I could
> be wrong about that, but it looks like I've got everything but
> password checks. I was hoping someone here could help.
>
> I made a new VM with FreeBSD 10.1. I have pam_ldap and nss_ldap
> installed and (as far as I can tell) configured. I added a line to
> /etc/pam.d/sshd to enable LDAP accounts to login over SSH. I figured
> this was a place to test. I can still SSH as a local user, but LDAP
> users aren't authenticating. When the LDAP user "testdoc6" tries to
> SSH in, /var/log/messages shows this:
>
> Apr 23 16:27:51 fstest1 sshd[819]: pam_ldap: error trying to bind as
> user "uid=testdoc6,cn=users,dc=dir,dc=cairodurham,dc=org" (Invalid
> credentials)
> Apr 23 16:27:51 fstest1 sshd[815]: error: PAM: authentication error
> for illegal user testdoc6 from 10.1.20.24
>
> On the LDAP server, I see messages like this:
>
> Apr 23 2015 16:27:51 520401us AUTH2:
> {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} CRAM-MD5 authentication
> failed, SASL error -13 (password incorrect).
>
> By contrast, when I successfully login to an old Mac file server with
> testdoc6, the directory server shows this:
>
> Apr 23 2015 16:20:23 783104us AUTH2:
> {0x2eef29585ec611e495c7406c8f39f47e, testdoc6} DIGEST-MD5
> authentication succeeded.
>
> The directory server's messages appear in what Apple named "Password
> Service Server Log".
>
> Can anyone help me figure out what I did wrong?
>
>
More information about the freebsd-questions
mailing list