Re: PAM-SSH-LDAP problem

2009-04-23 Thread Panos

Anyone?


Panos wrote:

I think I found what the problem is, but I don't know how to fix it.
From the error messages, err=49 means that the password is wrong.
I'm sure that I type it correctly.
So I captured traffic using Wireshark.

When the manager tries to bind, everything is normal and the bind is 
successful. In the "authentication: simple" field of the packet the 
password was the correct one,
but when ldap_test tries to bind, the password that it sends to the ldap 
server is INCORRECT (   08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54   
the hex field), so the ldap server returns invalid credentials.


I think that this is the problem but I don't have a clue how to solve it.
I can't understand why it sends an incorrect password and, most 
importantly, which of ssh, pam, pam_ldap has the problem.


Any ideas?


Panos wrote:

Emiel van de Laar wrote:


On Apr 17, 2009, at 11:04 PM, Panos wrote:


Hello, I'm trying to set up an ldap for authenticating users.
I think that the ldap server is OK,
but ssh gives me an error: PAM authentication error illegal user XXX 
from XXX.XXX.XXX.XXX

I think that something is wrong when pam-ldap is querying ldap.
First I thought that it was an acl problem, so I tried something like 
this: access * by * write

full access to all, but nothing.
When I'm using phpLDAPadmin to connect to ldap I have no problem,


[snip]

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from 
IP=127.0.0.1:51667 (IP=0.0.0.0:389)
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE 
ssf=0
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 
err=0 text=
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 
deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test))
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT 
tag=101 err=0 nentries=0 text=value does not conform to assertion 
syntax
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed 
(connection lost)


I suggest you have a look at the LDAP filter.

The log above shows:

((?objectClass=possixAccount)(uid=ldap_test))

While I expect something like:

((objectClass=possixAccount)(uid=ldap_test))

i.e. remove the '?'.

Regards,

 - Emiel


I know, I found this filter strange, but in my ldap.conf this is the 
filter line.

pam_filter objectclass=possixAccount
So no ? should be in the filter.
I tried without
pam_filter objectclass=possixAccount
and the only difference in the logs is that instead of
((?objectClass=possixAccount)(uid=ldap_test))
I get (uid=ldap_test), but still I can't log in.
Then I tried with the filter shadowAccount
and here is the output.
It says that it is not indexed. Why?

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 ACCEPT from 
IP=127.0.0.1:49379 (IP=0.0.0.0:389)
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0 
text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 
deref=0 filter=((objectClass=shadowAccount)(uid=ldap_test))
Apr 18 07:54:13 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) 
not indexed
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND anonymous 
mech=implicit ssf=0
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND 
dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something 
method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49 
text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 RESULT tag=97 err=0 
text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 closed (connection 
lost)


then I tried with this filter

pam_filter objectclass=*
again the same error

Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 ACCEPT from 
IP=127.0.0.1:58165 (IP=0.0.0.0:389)
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 RESULT tag=97 err=0 
text=
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 
deref=0 filter=((objectClass=*)(uid=ldap_test))
Apr 18 08:07:28 FreeBSD slapd[593

Re: PAM-SSH-LDAP problem

2009-04-18 Thread Panos

Emiel van de Laar wrote:


On Apr 17, 2009, at 11:04 PM, Panos wrote:


Hello, I'm trying to set up an ldap for authenticating users.
I think that the ldap server is OK,
but ssh gives me an error: PAM authentication error illegal user XXX 
from XXX.XXX.XXX.XXX

I think that something is wrong when pam-ldap is querying ldap.
First I thought that it was an acl problem, so I tried something like this: 
access * by * write

full access to all, but nothing.
When I'm using phpLDAPadmin to connect to ldap I have no problem,


[snip]

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from 
IP=127.0.0.1:51667 (IP=0.0.0.0:389)
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 
text=
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 
deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test))
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT 
tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection 
lost)


I suggest you have a look at the LDAP filter.

The log above shows:

((?objectClass=possixAccount)(uid=ldap_test))

While I expect something like:

((objectClass=possixAccount)(uid=ldap_test))

i.e. remove the '?'.

Regards,

 - Emiel


I know, I found this filter strange, but in my ldap.conf this is the 
filter line.

pam_filter objectclass=possixAccount
So no ? should be in the filter.
I tried without
pam_filter objectclass=possixAccount
and the only difference in the logs is that instead of
((?objectClass=possixAccount)(uid=ldap_test))
I get (uid=ldap_test), but still I can't log in.
Then I tried with the filter shadowAccount
and here is the output.
It says that it is not indexed. Why?

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 ACCEPT from 
IP=127.0.0.1:49379 (IP=0.0.0.0:389)
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 
filter=((objectClass=shadowAccount)(uid=ldap_test))
Apr 18 07:54:13 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) 
not indexed
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND anonymous 
mech=implicit ssf=0
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND 
dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something method=128

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 RESULT tag=97 err=0 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 closed (connection lost)

then I tried with this filter

pam_filter objectclass=*
again the same error

Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 ACCEPT from 
IP=127.0.0.1:58165 (IP=0.0.0.0:389)
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 RESULT tag=97 err=0 text=
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 
filter=((objectClass=*)(uid=ldap_test))
Apr 18 08:07:28 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) 
not indexed
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=2 BIND anonymous 
mech=implicit ssf=0
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=2 BIND 
dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something method=128

Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=2 RESULT tag=97 err=49 text=
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=3 RESULT tag=97 err=0 text=
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 closed (connection lost

Re: PAM-SSH-LDAP problem

2009-04-18 Thread Panos

Benjamin Lee wrote:

On 04/17/2009 02:04 PM, Panos wrote:
  

Hello, I'm trying to set up an ldap for authenticating users.
I think that the ldap server is OK,
but ssh gives me an error: PAM authentication error illegal user XXX from
XXX.XXX.XXX.XXX
I think that something is wrong when pam-ldap is querying ldap.
First I thought that it was an acl problem, so I tried something like this:
access * by * write
full access to all, but nothing.
When I'm using phpLDAPadmin to connect to ldap I have no problem,


[...]

Have you enabled ldap in /etc/nsswitch.conf?

You may find it helpful to read through the FreeBSD LDAP Authentication
article[1].

[1] http://www.freebsd.org/doc/en/articles/ldap-auth/index.html


  


Yes, I have done this.
My ldap.conf file:

BASE dc=something,dc=something,dc=something
URI ldap://127.0.0.1
ssl start_tls
tls_cacertt /etc/certs/cert.crt

My ldapsearch works fine without TLS. Using TLS (-Z):
ldap_start_tls: Connect error (-11)
but for now I think that this is not the problem; for pam I don't use 
ldaps:// search but ldap, so when I find out what is wrong with pam and 
ldap I'll check the certificates.

although
openssl s_client -port 636
gives this output

CONNECTED(0003)
depth=0 
/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x

verify error:num=18:self signed certificate
verify return:1
depth=0 
/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x

verify return:1
---
Certificate chain
0 
s:/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x
  
i:/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x

---
Server certificate
-BEGIN CERTIFICATE-
xx
xx
xx

-END CERTIFICATE-
subject=/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x
issuer=/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x
---
No client certificate CA names sent
---
SSL handshake has read 861 bytes and written 334 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
   Protocol  : TLSv1
   Cipher: AES256-SHA
   Session-ID: x
   Session-ID-ctx:
   Master-Key: xxx
   Key-Arg   : None
   Start Time: 1240044283
   Timeout   : 300 (sec)
   Verify return code: 18 (self signed certificate)
---


my nsswitch.conf file

group: ldap files
group_compat: nis
hosts: files dns
networks: files
group: ldap files
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

I also tried
group:  files ldap
passwd: files ldap


but still nothing.

I've started and restarted nscd many times but still nothing.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: PAM-SSH-LDAP problem

2009-04-18 Thread Panos

I think I found what the problem is, but I don't know how to fix it.
From the error messages, err=49 means that the password is wrong.
I'm sure that I type it correctly.
So I captured traffic using Wireshark.

When the manager tries to bind, everything is normal and the bind is 
successful. In the "authentication: simple" field of the packet the password 
was the correct one,
but when ldap_test tries to bind, the password that it sends to the ldap 
server is INCORRECT (   08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54   the 
hex field), so the ldap server returns invalid credentials.


I think that this is the problem but I don't have a clue how to solve it.
I can't understand why it sends an incorrect password and, most importantly, 
which of ssh, pam, pam_ldap has the problem.


Any ideas?


Panos wrote:

Emiel van de Laar wrote:


On Apr 17, 2009, at 11:04 PM, Panos wrote:


Hello, I'm trying to set up an ldap for authenticating users.
I think that the ldap server is OK,
but ssh gives me an error: PAM authentication error illegal user XXX 
from XXX.XXX.XXX.XXX

I think that something is wrong when pam-ldap is querying ldap.
First I thought that it was an acl problem, so I tried something like this: 
access * by * write

full access to all, but nothing.
When I'm using phpLDAPadmin to connect to ldap I have no problem,


[snip]

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from 
IP=127.0.0.1:51667 (IP=0.0.0.0:389)
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE 
ssf=0
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 
text=
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 
deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test))
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT 
tag=101 err=0 nentries=0 text=value does not conform to assertion 
syntax
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection 
lost)


I suggest you have a look at the LDAP filter.

The log above shows:

((?objectClass=possixAccount)(uid=ldap_test))

While I expect something like:

((objectClass=possixAccount)(uid=ldap_test))

i.e. remove the '?'.

Regards,

 - Emiel


I know, I found this filter strange, but in my ldap.conf this is the 
filter line.

pam_filter objectclass=possixAccount
So no ? should be in the filter.
I tried without
pam_filter objectclass=possixAccount
and the only difference in the logs is that instead of
((?objectClass=possixAccount)(uid=ldap_test))
I get (uid=ldap_test), but still I can't log in.
Then I tried with the filter shadowAccount
and here is the output.
It says that it is not indexed. Why?

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 ACCEPT from 
IP=127.0.0.1:49379 (IP=0.0.0.0:389)
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 
filter=((objectClass=shadowAccount)(uid=ldap_test))
Apr 18 07:54:13 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) 
not indexed
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND anonymous 
mech=implicit ssf=0
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND 
dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something 
method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49 
text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 RESULT tag=97 err=0 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 closed (connection lost)

then I tried with this filter

pam_filter objectclass=*
again the same error

Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 ACCEPT from 
IP=127.0.0.1:58165 (IP=0.0.0.0:389)
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 RESULT tag=97 err=0 
text=
Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 
filter=((objectClass=*)(uid=ldap_test))
Apr 18 08:07:28 FreeBSD slapd[593]: = bdb_equality_candidates: (uid
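
An added example, not part of the thread: the captured bytes decode to `\b\n\r\x7fINCORRECT`, the placeholder that OpenSSH's PAM code (auth-pam.c) passes on instead of the typed password once sshd has marked the login invalid, for instance because the user lookup failed. The Python below decodes the capture and correlates it with the slapd lines copied from the conn=7 excerpt above; the function names are illustrative assumptions.

```python
import re

# Placeholder OpenSSH's auth-pam.c hands to PAM instead of the typed password
# when sshd has already marked the login invalid (e.g. user lookup failed).
SSHD_BADPW = b"\b\n\r\x7fINCORRECT"

# slapd lines copied from the conn=7 excerpt in the thread, still wrapped.
SAMPLE_LOG = """\
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0
text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH
base=ou=users,dc=something,dc=something,dc=something scope=2
deref=0 filter=((objectClass=shadowAccount)(uid=ldap_test))
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND
dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something
method=128
Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49
text=
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
OP = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT)\b(.*)")


def unwrap(text):
    """Rejoin syslog records that the mail client wrapped across lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)      # a timestamp starts a new record
        else:
            records[-1] += " " + line  # continuation of the previous one
    return records


def field(rest, key):
    """Return the value of key=value (optionally quoted), or None."""
    m = re.search(r'\b%s="?([^\s"]*)' % key, rest)
    return m.group(1) if m else None


def summarize(text):
    """Map (conn, op) to what slapd logged for that operation."""
    ops = {}
    for rec in unwrap(text):
        m = OP.search(rec)
        if not m:
            continue
        entry = ops.setdefault((int(m.group(1)), int(m.group(2))), {})
        kind, rest = m.group(3), m.group(4)
        if kind == "BIND" and field(rest, "dn"):
            entry["bind_dn"] = field(rest, "dn")
        elif kind == "SRCH":
            entry["filter"] = field(rest, "filter")
        elif kind in ("RESULT", "SEARCH RESULT"):
            for key in ("err", "nentries"):
                val = field(rest, key)
                if val and val.isdigit():
                    entry[key] = int(val)
    return ops


def diagnose(log_text, captured_hex):
    """List what the log and the captured simple-bind password show."""
    password = bytes.fromhex("".join(captured_hex.split()))
    findings = []
    for (conn, op), e in sorted(summarize(log_text).items()):
        if e.get("nentries") == 0:
            findings.append(f"conn={conn} op={op}: filter {e.get('filter')} matched no entry")
        if e.get("err") == 49 and "bind_dn" in e:
            findings.append(f"conn={conn} op={op}: err=49 (invalidCredentials) binding as {e['bind_dn']}")
    if password == SSHD_BADPW:
        findings.append("bind password is sshd's invalid-user placeholder, not the typed password")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, "08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54"):
        print(finding)
```

When the last finding appears, the failed bind says nothing about the password stored in the directory; the place to look is how sshd resolves the account (the passwd source in nsswitch.conf and nss_ldap).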

PAM-SSH-LDAP problem

2009-04-17 Thread Panos

Hello, I'm trying to set up an ldap for authenticating users.
I think that the ldap server is OK,
but ssh gives me an error: PAM authentication error illegal user XXX from 
XXX.XXX.XXX.XXX

I think that something is wrong when pam-ldap is querying ldap.
First I thought that it was an acl problem, so I tried something like this: 
access * by * write

full access to all, but nothing.
When I'm using phpLDAPadmin to connect to ldap I have no problem,
my ldap.conf
base dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
binddn cn=manager,dc=something,dc=something,dc=something
bindpw password(uncrypted)
scope sub
pam_filter objectclass=possixAccount
pam_login_attribute uid
pam_check_host_attr yes
pam_check_service_attr no
nss_base_passwd ou=users,dc=something,dc=something,dc=something?sub
nss_base_shadow ou=users,dc=something,dc=something,dc=something?sub
nss_base_group ou=groups,dc=something,dc=something,dc=something?sub

I have tried this too but still nothing

base dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3
binddn cn=manager,dc=something,dc=something,dc=something
bindpw password(uncrypted)
scope sub
pam_filter objectclass=possixAccount
pam_login_attribute uid
nss_base_passwd ou=users,dc=something,dc=something,dc=something?sub
nss_base_shadow ou=users,dc=something,dc=something,dc=something?sub
nss_base_group ou=groups,dc=something,dc=something,dc=something?sub



my nss_ldap.conf

base ou=users,dc=something,dc=something,dc=something
uri ldap://XXX.XXX.XXX.XXX/
ldap_version 3


my slapd.conf

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/sendmail.schema
include /usr/local/etc/openldap/schema/pureftpd.schema
include /usr/local/etc/openldap/schema/radius.schema

pidfile     /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args

loglevel -256
sizelimit 1000
lastmod on

modulepath  /usr/local/libexec/openldap
moduleload  back_bdb

access to *
  by self write
  by dn=cn=Manager,dc=something,dc=something,dc=something write
  by users read
  by anonymous auth

access to attr=userPassword
  by dn=cn=Manager,dc=something,dc=something,dc=something write
  by anonymous auth
  by self write
  by * none

database    bdb
suffix      dc=something,dc=something,dc=something
rootdn      cn=Manager,dc=something,dc=something,dc=something
rootpw      {CRYPT}PASSWORD.

directory   /var/db/openldap-data

TLSVerifyClient demand

TLSCertificateFile      /etc/certs/cert.crt
TLSCertificateKeyFile   /etc/certs/cert.key
TLSCACertificateFile    /etc/certs/cert.crt
TLSCipherSuite HIGH:MEDIUM:+SSLv2

index  objectClass eq
index  uid         eq,pres
index  cn          eq,pres
index  mail        eq,pres
index  ou          eq,pres,sub
index  uidnumber   eq,pres
index  gidnumber   eq,pres


my pam.d/ssh

auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so          no_warn
account         required        pam_login_access.so
account         required        /usr/local/lib/pam_ldap.so      no_warn ignore_authinfo_unavail ignore_unknown_user

# session
session         required        pam_permit.so

# password
password        required        pam_unix.so             no_warn try_first_pass


and my ldap.log output

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from 
IP=127.0.0.1:51667 (IP=0.0.0.0:389)
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something method=128
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND 
dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text=
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH 
base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 
filter=((?objectClass=possixAccount)(uid=ldap_test))
Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 
err=0 nentries=0 text=value does not conform to assertion syntax

Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost)



If you could help me I would be grateful.

How to Update my Freebsd packages kernel and Core

2009-04-02 Thread Panos
Hello, I'm new to FreeBSD and I would like to know if there is anything 
like apt-get for upgrading everything in my FreeBSD. If not, could you 
tell me how I can do it?
Some of my packages are from ports and some I installed from the CD 
using sysinstall.

I use Freebsd 7.1

thank you very much.


Re: Help with dmesg

2009-01-08 Thread Panos

Rem P Roberti wrote:

Peter Boosten wrote:

Rem P Roberti wrote:

Peter Boosten wrote:

Rem P Roberti wrote:


INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,
F=, T=S:4m;R:4m')

I don't think the F= parameter can be empty (IIRC): it describes what
your sendmail is supposed to do once clam isn't active (either 
'F=R' for

reject or 'F=T' for temporary unavailable).

Peter


BTW, I noticed that when I try to do a newaliases command
the same error message comes up: /etc/mail/sendmail.cf: line 48: 
unknown

configuration line 




What's in your sendmail.cf then? Display lines 40 - 60.

Peter


Here are the actual sendmail.cf lines 41-59:

41 # $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #
42
43 # $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ 
#

44
45
46
47
48
49
50 # $Id: access_db.m4,v 8.27 2006/07/06 21:10:10 ca Exp $ #
51
52
53 # $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 
gshapiro Exp $ #

54
55
56 # $Id: local_lmtp.m4,v 8.17 2002/11/17 04:41:04 ca Exp $ #
57
58
59 # $Id: mailertable.m4,v 8.25 2002/06/27

Not very interesting, is it. I have the feeling that this problem 
belongs on another list. Thanks

for the help, Peter. I will continue to watch here.

Rem


If I remember right I had the same problem months ago, but I'm not 
really sure how I solved it.
First try to delete lines 44 - 49 of your .cf file, then try to 
restart sendmail.
If that doesn't work, try dnl after every line in the .mc file, e.g. 
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, 
T=S:4m;R:4m') dnl

I think I did something like that and it works. But I'm not so sure.



Re: Forcing a port to install?

2007-08-02 Thread Panos P.
On Thu, Aug 02, 2007 at 12:35:52PM -0700, Chris Maness wrote:
 If a port has been black listed by portaudit, how do you install it anyway?

try adding DISABLE_VULNERABILITIES=yes to /etc/make.conf
(do not forget to unset it afterwards though ;)

-- 
Panos Paganis [EMAIL PROTECTED]




support

2004-07-08 Thread panos
I have a P4 3Ghz. Can I use bsd in my system?