Re: PAM-SSH-LDAP problem
Anyone? O/H Panos έγραψε: I think I found what is the problem but I don't kow how to fix it. from the error messages err=49 means that the password is wrong. I'm sure that I type it correctly. So I captured traffic using whireshark when the manager tires toy bind everything is normal and the bind is succeful. In the field authentication simple of the packet the password was the correct but when ldap_test tries to bind the password that it send to ldap server is INCORECT ( 08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54 the hex field), so ldap server returns invalid credentials. I think that this is the problem but I don't have a clue how to solve it. I can't understand why it sends an incorect password, and most important which of ssh, pam, pam_ldap has the problem. Any ideas? O/H Panos έγραψε: O/H Emiel van de Laar έγραψε: On Apr 17, 2009, at 11:04 PM, Panos wrote: hello I'm trying to setup an ldap for authenticating users. I think that the ldap server is ok but ssh gives me an error PAM authntication error illigal user XXX from XXX.XXX.XXX.XXX I think that something is wrong when pam-ldap is quering tο ldap. Fisrt I thounght that was acl problem so I tried something like this access * by * write full access to alla but nothing. When I'm using phpldadmin to connet to ldap I have no problem, [snip] Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:51667 (IP=0.0.0.0:389) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text= Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test)) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost) I suggest you have a look at the LDAP filter. The log above shows: ((?objectClass=possixAccount)(uid=ldap_test)) While I expect something like: ((objectClass=possixAccount)(uid=ldap_test)) i.e. remove the '?'. Regards, - Emiel I know, I found strange this filter but in my ldpa.conf this is the filter line. pam_filter objectclass=possixAccount So no ? should be in the filter i tried without pam_filter objectclass=possixAccount and the only difference in the logs is instead of ((?objectClass=possixAccount)(uid=ldap_test)) I get (uid=ldap_test) but still I can't log in. then I tried with filter shadowAccount and here is the output It says that is not indexed why? Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 ACCEPT from IP=127.0.0.1:49379 (IP=0.0.0.0:389) Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((objectClass=shadowAccount)(uid=ldap_test)) Apr 18 07:54:13 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) not indexed Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND anonymous mech=implicit ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 RESULT tag=97 err=0 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 closed (connection lost) then I tried with this filter pam_filter objectclass=* again the same error Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 ACCEPT from IP=127.0.0.1:58165 (IP=0.0.0.0:389) Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 RESULT tag=97 err=0 text= Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((objectClass=*)(uid=ldap_test)) Apr 18 08:07:28 FreeBSD slapd[593
Re: PAM-SSH-LDAP problem
O/H Emiel van de Laar έγραψε: On Apr 17, 2009, at 11:04 PM, Panos wrote: hello I'm trying to setup an ldap for authenticating users. I think that the ldap server is ok but ssh gives me an error PAM authntication error illigal user XXX from XXX.XXX.XXX.XXX I think that something is wrong when pam-ldap is quering tο ldap. Fisrt I thounght that was acl problem so I tried something like this access * by * write full access to alla but nothing. When I'm using phpldadmin to connet to ldap I have no problem, [snip] Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:51667 (IP=0.0.0.0:389) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text= Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test)) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost) I suggest you have a look at the LDAP filter. The log above shows: ((?objectClass=possixAccount)(uid=ldap_test)) While I expect something like: ((objectClass=possixAccount)(uid=ldap_test)) i.e. remove the '?'. Regards, - Emiel I know, I found strange this filter but in my ldpa.conf this is the filter line. pam_filter objectclass=possixAccount So no ? should be in the filter i tried without pam_filter objectclass=possixAccount and the only difference in the logs is instead of ((?objectClass=possixAccount)(uid=ldap_test)) I get (uid=ldap_test) but still I can't log in. then I tried with filter shadowAccount and here is the output It says that is not indexed why? Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 ACCEPT from IP=127.0.0.1:49379 (IP=0.0.0.0:389) Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((objectClass=shadowAccount)(uid=ldap_test)) Apr 18 07:54:13 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) not indexed Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND anonymous mech=implicit ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 RESULT tag=97 err=0 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 closed (connection lost) then I tried with this filter pam_filter objectclass=* again the same error Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 ACCEPT from IP=127.0.0.1:58165 (IP=0.0.0.0:389) Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 RESULT tag=97 err=0 text= Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((objectClass=*)(uid=ldap_test)) Apr 18 08:07:28 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) not indexed Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=2 BIND anonymous mech=implicit ssf=0 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=2 BIND dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something method=128 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=2 RESULT tag=97 err=49 text= Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=3 RESULT tag=97 err=0 text= Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 closed (connection lost
Re: PAM-SSH-LDAP problem
O/H Benjamin Lee έγραψε: On 04/17/2009 02:04 PM, Panos wrote: hello I'm trying to setup an ldap for authenticating users. I think that the ldap server is ok but ssh gives me an error PAM authntication error illigal user XXX from XXX.XXX.XXX.XXX I think that something is wrong when pam-ldap is quering tο ldap. Fisrt I thounght that was acl problem so I tried something like this access * by * write full access to alla but nothing. When I'm using phpldadmin to connet to ldap I have no problem, [...] Have you enabled ldap in /etc/nsswitch.conf? You may find it helpful to read through the FreeBSD LDAP Authentication article[1]. [1] http://www.freebsd.org/doc/en/articles/ldap-auth/index.html yes i have done this my ldap.conf file BASEdc=something,dc=something,dc=something URI ldap://127.0.0.1 ssl start_tls tls_cacertt /etc/certs/cert.crt my ldapsearch wokrs fine. without TLS. using TLS (-Z) ldap_start_tls: Connect error (-11) but for now I think that this is not the problem, for pam I don't use lpads:// search but ldap so when I find out what wrong is with pam and ldap I'll check for the cerificates. although openssl s_client -port 636 gives this output CONNECTED(0003) depth=0 /C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x verify error:num=18:self signed certificate verify return:1 depth=0 /C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x verify return:1 --- Certificate chain 0 s:/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x i:/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x --- Server certificate -BEGIN CERTIFICATE- xx xx xx -END CERTIFICATE- subject=/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x issuer=/C=xx/ST=/L=/O=/OU=e/CN=x/emailaddress=xx...@x --- No client certificate CA names sent --- SSL handshake has read 861 bytes and written 334 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: AES256-SHA Session-ID: x Session-ID-ctx: Master-Key: xxx Key-Arg : None Start Time: 1240044283 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- my nsswitch.conf file group: ldap files group_compat: nis hosts: files dns networks: files group: ldap files passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files I also tried group: files ldap passwd: files ldap but still nothing I've started and restarted nscd many times but stiil nothing. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PAM-SSH-LDAP problem
I think I found what is the problem but I don't kow how to fix it. from the error messages err=49 means that the password is wrong. I'm sure that I type it correctly. So I captured traffic using whireshark when the manager tires toy bind everything is normal and the bind is succeful. In the field authentication simple of the packet the password was the correct but when ldap_test tries to bind the password that it send to ldap server is INCORECT ( 08 0a 0d 7f 49 4e 43 4f 52 52 45 43 54 the hex field), so ldap server returns invalid credentials. I think that this is the problem but I don't have a clue how to solve it. I can't understand why it sends an incorect password, and most important which of ssh, pam, pam_ldap has the problem. Any ideas? O/H Panos έγραψε: O/H Emiel van de Laar έγραψε: On Apr 17, 2009, at 11:04 PM, Panos wrote: hello I'm trying to setup an ldap for authenticating users. I think that the ldap server is ok but ssh gives me an error PAM authntication error illigal user XXX from XXX.XXX.XXX.XXX I think that something is wrong when pam-ldap is quering tο ldap. Fisrt I thounght that was acl problem so I tried something like this access * by * write full access to alla but nothing. When I'm using phpldadmin to connet to ldap I have no problem, [snip] Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:51667 (IP=0.0.0.0:389) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text= Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test)) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost) I suggest you have a look at the LDAP filter. The log above shows: ((?objectClass=possixAccount)(uid=ldap_test)) While I expect something like: ((objectClass=possixAccount)(uid=ldap_test)) i.e. remove the '?'. Regards, - Emiel I know, I found strange this filter but in my ldpa.conf this is the filter line. pam_filter objectclass=possixAccount So no ? should be in the filter i tried without pam_filter objectclass=possixAccount and the only difference in the logs is instead of ((?objectClass=possixAccount)(uid=ldap_test)) I get (uid=ldap_test) but still I can't log in. then I tried with filter shadowAccount and here is the output It says that is not indexed why? Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 ACCEPT from IP=127.0.0.1:49379 (IP=0.0.0.0:389) Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=0 RESULT tag=97 err=0 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((objectClass=shadowAccount)(uid=ldap_test)) Apr 18 07:54:13 FreeBSD slapd[593]: = bdb_equality_candidates: (uid) not indexed Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND anonymous mech=implicit ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 BIND dn=cn=ldap_test,ou=users,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=2 RESULT tag=97 err=49 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 op=3 RESULT tag=97 err=0 text= Apr 18 07:54:13 FreeBSD slapd[593]: conn=7 fd=11 closed (connection lost) then I tried with this filter pam_filter objectclass=* again the same error Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 fd=11 ACCEPT from IP=127.0.0.1:58165 (IP=0.0.0.0:389) Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=0 RESULT tag=97 err=0 text= Apr 18 08:07:28 FreeBSD slapd[593]: conn=13 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((objectClass=*)(uid=ldap_test)) Apr 18 08:07:28 FreeBSD slapd[593]: = bdb_equality_candidates: (uid
PAM-SSH-LDAP problem
hello I'm trying to setup an ldap for authenticating users. I think that the ldap server is ok but ssh gives me an error PAM authntication error illigal user XXX from XXX.XXX.XXX.XXX I think that something is wrong when pam-ldap is quering tο ldap. Fisrt I thounght that was acl problem so I tried something like this access * by * write full access to alla but nothing. When I'm using phpldadmin to connet to ldap I have no problem, my ldap.conf base dc=something,dc=something,dc=something uri ldap://XXX.XXX.XXX.XXX/ ldap_version 3 binddn cn=manager,dc=something,dc=something,dc=something bindpw password(uncrypted) scope sub pam_filter objectclass=possixAccount pam_login_attribute uid pam_check_host_attr yes pam_check_service_attr no nss_base_passwdou=users,dc=something,dc=something,dc=something?sub nss_base_shadowou=users,dc=something,dc=something,dc=something?sub nss_base_group ou=groups,dc=something,dc=something,dc=something?sub I have tried this too but still nothing base dc=something,dc=something,dc=something uri ldap://XXX.XXX.XXX.XXX/ ldap_version 3 binddn cn=manager,dc=something,dc=something,dc=something bindpw password(uncrypted) scope sub pam_filter objectclass=possixAccount pam_login_attribute uid nss_base_passwdou=users,dc=something,dc=something,dc=something?sub nss_base_shadowou=users,dc=something,dc=something,dc=something?sub nss_base_group ou=groups,dc=something,dc=something,dc=something?sub my nss_ldap.conf base ou=users,dc=something,dc=something,dc=something uri ldap://XXX.XXX.XXX.XXX/ ldap_version 3 my slapd.conf include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/sendmail.schema include /usr/local/etc/openldap/schema/pureftpd.schema include /usr/local/etc/openldap/schema/radius.schema pidfile /var/run/openldap/slapd.pid argsfile/var/run/openldap/slapd.args loglevel -256 sizelimit 1000 lastmod on modulepath /usr/local/libexec/openldap moduleload back_bdb access to * by self write by dn=cn=Manager,dc=something,dc=something,dc=something write by users read by anonymous auth access to attr=userPassword by dn=cn=Manager,dc=something,dc=something,dc=something write by anonymous auth by self write by * none databasebdb suffix dc=something,dc=something,dc=something rootdn cn=Manager,dc=something,dc=something,dc=something rootpw {CRYPT}PASSWORD. directory /var/db/openldap-data TLSVerifyClient demand TLSCertificateFile /etc/certs/cert.crt TLSCertificateKeyFile /etc/certs/cert.key TLSCACertificateFile/etc/certs/cert.crt TLSCipherSuite HIGH:MEDIUM:+SSLv2 index objectClass eq index uid eq,pres index cn eq,pres index maileq,pres index ou eq,pres,sub index uidnumber eq,pres index gidnumber eq,pres my pam.d/ssh authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local authsufficient /usr/local/lib/pam_ldap.so no_warn authrequiredpam_unix.so no_warn try_first_pass # account account requiredpam_nologin.so no_warn account requiredpam_login_access.so account required/usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user # session session requiredpam_permit.so # password passwordrequiredpam_unix.so no_warn try_first_pass and my ldap.log output Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:51667 (IP=0.0.0.0:389) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something method=128 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 BIND dn=cn=manager,dc=something,dc=something,dc=something mech=SIMPLE ssf=0 Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=0 RESULT tag=97 err=0 text= Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SRCH base=ou=users,dc=something,dc=something,dc=something scope=2 deref=0 filter=((?objectClass=possixAccount)(uid=ldap_test)) Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax Apr 18 00:01:05 FreeBSD slapd[1336]: conn=0 fd=11 closed (connection lost) if you could help me I would be gratefull. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to
How to Update my Freebsd packages kernel and Core
Hello I'm new to Freebsd and I would like to know if there is anything like apt-get for upgrating everything in my Freebsd. If not Could you tell me how I can do it. Some of my packages are from ports and some using the sysinstall and I install them from the cd. I use Freebsd 7.1 thank you very much. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Help with dmesg
O/H Rem P Roberti έγραψε: Peter Boosten wrote: Rem P Roberti wrote: Peter Boosten wrote: Rem P Roberti wrote: INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m') I don't think the F= parameter can be empty (IIRC): it describes what your sendmail is supposed to do once clam isn't active (either 'F=R' for reject or 'F=T' for temporary unavailable). Peter BTW, I noticed that when I try to do a newaliases command the same error message comes up: /etc/mail/sendmail.cf: line 48: unknown configuration line What's in your sendmail.cf then? Display lines 40 - 60. Peter Here are the actual sendmail.cf lines 41-59: 41 # $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ # 42 43 # $Id: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ # 44 45 46 47 48 49 50 # $Id: access_db.m4,v 8.27 2006/07/06 21:10:10 ca Exp $ # 51 52 53 # $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ # 54 55 56 # $Id: local_lmtp.m4,v 8.17 2002/11/17 04:41:04 ca Exp $ # 57 58 59 # $Id: mailertable.m4,v 8.25 2002/06/27 Not very interesting, is it. I have the feeling that this problem belongs on another list. Thanks for the help, Peter. I will continue to watch here. Rem ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org if I remember rigth I had the same problem months ago, but I'm not really sure how I solved it. First try to delete the lines 44 - 49 of yourr's .cf file. then try to restart sendmail. if that doesn't work try dnl after every line in the .mc file. e.x INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m') dnl I think something like that I did and it works. But I'm not so sure. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Forcing a port to install?
On Thu, Aug 02, 2007 at 12:35:52PM -0700, Chris Maness wrote: If a port has been black listed by portaudit, how do you install it anyway? try adding DISABLE_VULNERABILITIES=yes to /etc/make.conf (do not forget to unset it afterwards though ;) -- Panos Paganis [EMAIL PROTECTED] pgpe9PwByvNTq.pgp Description: PGP signature
support
i have P4 3Ghz.can i use bsd in my system? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]