Hi!
Daniel Bond wrote:
# auth
...
This pam.d/ssh config working fine for me:
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn
no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
auth sufficient /usr/local/lib/pam_ldap.so no_warn
try_first_pass
auth required pam_unix.so no_warn
try_first_pass
# account
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so
ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
# session
#session optional pam_ssh.so
session required /usr/local/lib/pam_mkhomedir.so debug
umask=0077 skel=/usr/local/share/skel
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn
try_first_pass
password required pam_unix.so no_warn
try_first_pass
I'm pretty sure my ldap.conf and nsswitch.conf are OK, but here they are
anyway:
/usr/local/etc/nss_ldap.conf -> openldap/ldap.conf
/usr/local/etc/ldap.conf -> openldap/ldap.conf
I'm not sure is it correct.
etc/ldap.conf and etc/openldap/ldap.conf -- different files for
different purposes.
etc/nss_ldap.conf -> etc/ldap.conf -- it's correct.
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
base dc=nsn, dc=no
HOST 1.slave.1881.int.nsn.no master.1881.int.nsn.no
port 389
ldap_version 3
bind_policy soft
^^^^^^^^^^^^^^^^^^
Try replace to
bind_policy hard
Developers doesn't like "soft". I don't know why, but it periodically
it's broken in new versions nss_ldap (2 time for last 3 years AFAIR).
I'm not sure about current status. It must be tested.
Also try
echo "debug 9" >> /usr/local/etc/ldap.conf
For details see
slapd.conf(5) about loglevel
WBR.
Dmitriy
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
