Re: ssh+ldap+freebsd5.2 problem

2004-02-29
Hi All,

Below are my configuration files. Can somebody comment
on them? I cannot SSH using my LDAP account.
I would really appreciate your help.

Ports installed:
openldap-2.1.26.tgz
pam_ldap-167.tar.gz
nss_ldap-204.tar.gz
openssh-3.6.1.tgz

PUTTY:
login as: testuser
Sent username testuser
[EMAIL PROTECTED]'s password:
Access denied
[EMAIL PROTECTED]'s password:


/etc/nsswitch.conf:
---begin---
passwd: files ldap
group: files ldap
---end---

/usr/etc/ldap.conf  /etc/ldap.conf 
/usr/etc/nss_ldap.conf  /etc/nss_ldap.conf:
---begin---
host 127.0.0.1  
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw ldapadmin
pam_password SHHA 
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Groups,dc=domain,dc=com?one
---end---

/usr/local/etc/openldap/ldap.conf:
---begin---
BASE dc=domain,dc=com 
URI ldapi://%2fvar%2frun%2fopenldap%2fldapi/
---end---

# /usr/local/etc/openldap/slapd.conf:
---begin---
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix dc=domain,dc=com
rootdn cn=Manager,dc=domain,dc=com
rootpw {SSHA}JUdEYmEb9wdq9ro4gAkQ1H4vKGqBr6+7
directory /var/db/domain.com
index   objectClass eq
index   cn,sn,uid,memberUid,mail pres,eq
index   uidNumber,gidNumber eq
index   displayName pres,eq
index   sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq
access to *
    by * read
---end---

/etc/pam.d/sshd:
---begin---
# auth
auth      required    pam_nologin.so      no_warn
auth      sufficient  pam_opie.so         no_warn no_fake_prompts
auth      requisite   pam_opieaccess.so   no_warn allow_local
auth      sufficient  /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth      required    pam_unix.so         no_warn try_first_pass

# account
#account  required    pam_krb5.so
account   sufficient  /usr/local/lib/pam_ldap.so
account   required    pam_login_access.so
account   required    pam_unix.so

# session
#session  optional    pam_ssh.so
session   required    pam_permit.so

# password
#password sufficient  pam_krb5.so         no_warn try_first_pass
password  required    pam_unix.so         no_warn try_first_pass
---end---

regards,
onlyme
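
Added example, not part of the original post or of OpenLDAP: the posted slapd.conf ends with `access to * by * read`, which lets any client, including an unauthenticated one, read every attribute, `userPassword` hashes included. The sketch below models slapd's first-match ACL evaluation in simplified form (no dn or filter scoping) to flag that; the hardened ACL and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the ACL from the slapd.conf posted above.
POSTED = "access to *\n    by * read\n"

# Constructed sample (assumption, not from the thread): a userPassword rule
# placed first. Some older slapd releases spell the keyword attr=.
HARDENED = """\
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
"""

def parse_acl(text):
    """Return [(what_tokens, [(who, level), ...]), ...] in file order."""
    body = " ".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    rules = []
    for chunk in re.split(r"\baccess\s+to\s", body)[1:]:
        what, *bys = re.split(r"\sby\s", chunk)
        clauses = [tuple(b.split()[:2]) for b in bys if len(b.split()) >= 2]
        rules.append((what.split(), clauses))
    return rules

def what_covers(what, attr):
    """True if the <what> clause applies to attr (dn scoping is ignored)."""
    for tok in what:
        m = re.match(r"attrs?=(.+)", tok, re.I)
        if m:
            return attr.lower() in m.group(1).lower().split(",")
    return True

def anonymous_level(text, attr="userPassword"):
    """Access level an unauthenticated client gets to attr (first match wins)."""
    rules = parse_acl(text)
    if not rules:
        return "read"  # slapd's default when no access directive is present
    for what, clauses in rules:
        if what_covers(what, attr):
            for who, level in clauses:
                if who in ("*", "anonymous"):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # no directive matched: access denied

def exposes_hashes(text):
    return anonymous_level(text) in ("read", "write")
```

With the hardened ordering, an anonymous client can still bind (level `auth`) but cannot read the hash, while other attributes such as `uid` remain readable for nss_ldap lookups.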





ssh+ldap+freebsd5.2 problem

2004-02-26
Hi All,

Has anybody managed to configure ssh with openldap on
FreeBSD 5.2?

I managed to configure openldap on FreeBSD 5.2. Besides
that, I also managed to make it work with Samba 3.0.
However, the problem is I cannot make it work with
ssh.

I have googled around and found this mini-HOWTO
http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
but also failed to make it work.

Can somebody advise me...:)

Regards,
onlyme




FreeBSD +Samba +OpenLDAP as a Primary Domain controller

2004-02-04
Hi All,

I'm trying to set up FreeBSD5.2+Samba3.0.1+OpenLDAP2.1.26 as a Primary
Domain controller. I have been working on it for 2 weeks and it still
does not function very well. I'm looking for a step-by-step guide on how
to install FreeBSD5.2+Samba3+OpenLDAP2.1.25 as a Primary Domain
controller. Can anybody help guide me?

During my Google searches I came across a lot of documents, mailing
lists and many suggestions. I got 2 references but still failed to start
up slapd.
1) http://lists.samba.org/archive/samba/2003-February/061445.html
2) http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html

Thank you in advance...
langbuan

Roland Wells wrote:
> Any pointers, walk-throughs, warnings or the like would be greatly
> appreciated. If you want to see more about our specific situation (which
> we have titled Set Us Free(BSD), check out:
>
> http://fftechcenter.org/content/articles/setusfreebsd.html

There don't seem to be any major issues.
It looks like a lot of people are interested in the topic.

Basically, here is what I have working so far (in a minimal production
environment of 30 people).

- FreeBSD-CURRENT with dynamic root
- LDAP Unix authentication via the pam_ldap and nss_ldap -- with
  start_tls on for security
- Samba3 (from the samba-devel port patched for ldap support) PDC for
  Win NT/2k/XP stations; roaming profiles; group mappings; unix/windows
  password synchronisation... LDAP backend using samba3 schema
- UFS2 filesystem with ACLs enabled

I did not have any problem whatsoever yet, but I encourage people
wanting to use this on a production intensive server to wait for
5.2-RELEASE at the least.

Antoine

