Hi guys,
Relatively new to FreeBSD. I'm trying to authenticate users logging in via SSH against Active Directory using pam_ldap. It works fine when the user is in /etc/passwd, but authentication fails for users that are not. A packet trace reveals the password sent to LDAP in the bindRequest is 08:0a:0d:7f:49:4e:43:4f:52:52:45:43:54 in hex or "....INCORRECT" in ASCII - hence the failure.
I've followed the LDAP configuration instructions at http://www.freebsd.org/doc/en/articles/ldap-auth/ldap.html. I'm sure it's something obvious but endless searches have not turned up anything for me. Here's my /etc/pam.d/sshd for reference.
Code:
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
# session
session required pam_permit.so
# password
password required pam_unix.so no_warn try_first_pass
Thanks
Denny
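
Added example, not part of the post above: the bytes seen in the trace equal the fixed placeholder that OpenSSH's PAM code substitutes for the typed password when sshd does not consider the login a valid account. This sketch decodes a traced bind password and checks whether the login name resolves through NSS. The function names and the sample login are hypothetical.

```python
import pwd

# Placeholder OpenSSH hands to PAM instead of the typed password when
# sshd does not treat the login name as a valid account.
SSHD_INVALID_USER_PW = b"\b\n\r\x7fINCORRECT"


def decode_trace_bytes(colon_hex: str) -> bytes:
    """Convert 'aa:bb:cc' as printed by a packet trace into raw bytes."""
    return bytes(int(p, 16) for p in colon_hex.strip().split(":") if p)


def is_sshd_placeholder(bind_password: bytes) -> bool:
    """True if the bind carried sshd's placeholder, not a user password."""
    return bind_password == SSHD_INVALID_USER_PW


def resolves_via_nss(login: str) -> bool:
    """True if getpwnam() finds the account through any configured
    passwd source (local files, LDAP, ...)."""
    try:
        pwd.getpwnam(login)
        return True
    except KeyError:
        return False


def diagnose(login: str, colon_hex: str) -> str:
    """Combine both checks into a one-line finding for the given login."""
    if not is_sshd_placeholder(decode_trace_bytes(colon_hex)):
        return "real password forwarded: look at the LDAP bind itself"
    if resolves_via_nss(login):
        return "placeholder sent, account resolves: check sshd login restrictions"
    return "placeholder sent, account does not resolve: password never forwarded"


if __name__ == "__main__":
    # Hex string copied from the post; the login name is constructed.
    traced = "08:0a:0d:7f:49:4e:43:4f:52:52:45:43:54"
    print(diagnose("constructed-ad-user", traced))
```

Run it on the SSH server itself, since `getpwnam()` consults that host's own passwd sources.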