Benjamin Lee wrote:
On 04/17/2009 02:04 PM, Panos wrote:
Hello, I'm trying to set up an LDAP for authenticating users.
I think that the LDAP server is OK,
but ssh gives me an error: PAM authentication error illegal user XXX from
I think that something is wrong when pam-ldap is querying LDAP.
First I thought that it was an ACL problem, so I tried something like this
access * by * write
full access to all, but nothing.
When I'm using phpldapadmin to connect to LDAP I have no problem.

Have you enabled ldap in /etc/nsswitch.conf?

You may find it helpful to read through the FreeBSD LDAP Authentication

[1] http://www.freebsd.org/doc/en/articles/ldap-auth/index.html

Yes, I have done this.
My ldap.conf file:

BASE    dc=something,dc=something,dc=something
URI     ldap://
ssl start_tls
tls_cacertt /etc/certs/cert.crt

My ldapsearch works fine without TLS. Using TLS (-Z):
ldap_start_tls: Connect error (-11)
But for now I think that this is not the problem; for pam I don't use ldaps:// search but ldap, so when I find out what is wrong with pam and ldap I'll check the certificates.
openssl s_client -port 636
gives this output

depth=0 /C=xx/ST=xxxx/L=xxxx/O=xxxx/OU=xxxxe/CN=xxxxxxxxx/emailaddress=xx...@xxxxxxxxxxxxx
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=xx/ST=xxxx/L=xxxx/O=xxxx/OU=xxxxe/CN=xxxxxxxxx/emailaddress=xx...@xxxxxxxxxxxxx
verify return:1
Certificate chain
0 s:/C=xx/ST=xxxx/L=xxxx/O=xxxx/OU=xxxxe/CN=xxxxxxxxx/emailaddress=xx...@xxxxxxxxxxxxx
  i:/C=xx/ST=xxxx/L=xxxx/O=xxxx/OU=xxxxe/CN=xxxxxxxxx/emailaddress=xx...@xxxxxxxxxxxxx
Server certificate
No client certificate CA names sent
SSL handshake has read 861 bytes and written 334 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
   Protocol  : TLSv1
   Cipher    : AES256-SHA
   Session-ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   Master-Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   Key-Arg   : None
   Start Time: 1240044283
   Timeout   : 300 (sec)
   Verify return code: 18 (self signed certificate)

my nsswitch.conf file

group: ldap files
group_compat: nis
hosts: files dns
networks: files
group: ldap files
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

I also tried
group:  files ldap
passwd: files ldap

but still nothing

I've started and restarted nscd many times but still nothing.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
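
Added example, not part of the thread: a small lint for the nsswitch.conf question raised above. It assumes that account lookups go through the `passwd` database and group lookups through `group`; the function names are hypothetical and the sample input is a constructed copy of the lines posted in the message.

```shell
#!/bin/sh
# Added example. check_nsswitch reads an nsswitch.conf on stdin and prints one
# finding per line; it prints nothing when passwd and group both list ldap.
check_nsswitch() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        sub(/#.*/, "")                         # drop a trailing comment
        i = index($0, ":")
        if (i == 0) next
        db = substr($0, 1, i - 1)
        gsub(/[ \t]/, "", db)
        src = " " substr($0, i + 1) " "
        gsub(/[ \t]+/, " ", src)
        if (db in seen) {
            print "duplicate: " db " (lines " seen[db] " and " NR ")"
        } else {
            seen[db] = NR
        }
        sources[db] = src                      # keep the last definition seen
    }
    END {
        n = split("passwd group", need, " ")
        for (k = 1; k <= n; k++) {
            d = need[k]
            if (!(d in seen)) {
                print "missing: " d
            } else if (index(sources[d], " ldap ") == 0) {
                print "no-ldap: " d
            }
        }
    }'
}

# Constructed sample: the first lines of the nsswitch.conf posted in the thread.
sample_from_thread() {
    cat <<'EOF'
group: ldap files
group_compat: nis
hosts: files dns
networks: files
group: ldap files
passwd_compat: nis
shells: files
EOF
}

sample_from_thread | check_nsswitch
```

On a live system the same check is `check_nsswitch < /etc/nsswitch.conf`.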
