OpenLDAP authentication in FreeBSD 13.2

Hi,

I am trying to set up centralized user management with OpenLDAP. I have a working server (it seems to work to me) and I am now trying to set up the clients.

I have edited
/usr/local/etc/nss_ldap.conf

with
Code:
host 192.168.178.20
base dc=example,dc=com

and

/etc/nsswitch.conf

Code:
group: files ldap
passwd: files ldap

I can see the user via getent passwd and I can su to the user's console when I am root.
I have added session required /usr/local/lib/pam_mkhomedir.so to
/etc/pam.d/login (pam_mkhomedir is installed)

When using su, no homedir is created, and I can't log in to the system using user and password.

I have also tinkered with /etc/pam.d/sshd but login also fails via ssh.

Am I missing something?


Ben
 
Am I missing something?
security/pam_ldap? The only thing you've configured so far is name resolution (mapping users to ids) and the creation of the home directory (if it doesn't exist); there's nothing done for the actual authentication and authorization.

 
Ah, sorry. Yes, I did that before everything else but forgot to write it down.
I created /usr/local/etc/ldap.conf with
Code:
login    auth    sufficient    /usr/local/lib/pam_ldap.so

in it.
I guess there must be something more somewhere, right?
 
Yes. It is in /usr/local/etc/pam.d/ldap
 
Sorry, copy and paste error. I followed the guide.
 
Hmmm... security/pam_ldap/

says

Edit /usr/local/etc/ldap.conf in order to use this module. Then
create a /usr/local/etc/pam.d/ldap with a line similar to the following:

login auth sufficient /usr/local/lib/pam_ldap.so

But I'll start again on a new machine from scratch. Thank you!
 
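Added example, not code from any poster in this thread: a POSIX sh script that audits an LDAP client the way the replies above describe. It checks two things. First, that the PAM stack of the service you actually log in with (/etc/pam.d/sshd or /etc/pam.d/login on FreeBSD) loads pam_ldap.so for auth and pam_mkhomedir.so for session, which is exactly what the first poster's stack was missing. Second, that /usr/local/etc/ldap.conf forces TLS: pam_ldap authenticates with a simple bind that carries the user's password, so a plain `host 192.168.178.20` configuration puts every login password on the wire in cleartext. The sample files are constructed here so the script runs offline; the CA file path /usr/local/etc/ssl/ldap-ca.crt is an assumption, as is the exact shape of the "fixed" stack, which follows the usual sufficient-before-pam_unix pattern so local accounts keep working.

```shell
#!/bin/sh
# Audit an LDAP client's PAM stack and pam_ldap configuration.
# Example code, not from the forum thread or the pam_ldap port.

# audit_pam_stack FILE
# Exit 0 when FILE has an 'auth' line loading pam_ldap.so. Warns
# (without failing) when account/session are not covered as well.
audit_pam_stack() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }             # skip comments, blanks
        $1 == "auth"    && $3 ~ /pam_ldap\.so$/      { ldap = 1 }
        $1 == "account" && $3 ~ /pam_ldap\.so$/      { acct = 1 }
        $1 == "session" && $3 ~ /pam_mkhomedir\.so$/ { mkhome = 1 }
        END {
            ok = 1
            if (!ldap)   { print "missing: auth ... pam_ldap.so (LDAP users cannot authenticate)"; ok = 0 }
            if (!acct)   { print "warning: no account ... pam_ldap.so" }
            if (!mkhome) { print "warning: no session ... pam_mkhomedir.so (no home dir on first login)" }
            exit (ok ? 0 : 1)
        }' "$1"
}

# audit_ldap_conf FILE
# Exit 0 only when the bind is protected: 'ssl start_tls', 'ssl on'
# or an ldaps:// uri, plus tls_checkpeer yes so a forged server
# cannot harvest passwords.
audit_ldap_conf() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        $1 == "uri" && $2 ~ /^ldaps:\/\//                 { tls = 1 }
        $1 == "ssl" && ($2 == "start_tls" || $2 == "on") { tls = 1 }
        $1 == "tls_checkpeer" && $2 == "yes"              { peer = 1 }
        $1 == "bindpw" { print "warning: bindpw present, keep this file mode 0600" }
        END {
            ok = 1
            if (!tls)  { print "insecure: no ssl start_tls / ssl on / ldaps:// uri, passwords sent in cleartext"; ok = 0 }
            if (!peer) { print "insecure: tls_checkpeer is not yes"; ok = 0 }
            exit (ok ? 0 : 1)
        }' "$1"
}

# run_audit PAM_FILE LDAP_FILE: run both checks, fail if either fails.
run_audit() {
    _rc=0
    audit_pam_stack "$1" || _rc=1
    audit_ldap_conf "$2" || _rc=1
    return $_rc
}

# Constructed sample files; a real run would pass /etc/pam.d/sshd and
# /usr/local/etc/ldap.conf instead.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

cat > "$TMP/sshd.thread" <<'EOF'
# stack as described in the thread: mkhomedir added, no pam_ldap
auth     required   pam_unix.so        no_warn try_first_pass
account  required   pam_unix.so
session  required   /usr/local/lib/pam_mkhomedir.so
EOF

cat > "$TMP/sshd.fixed" <<'EOF'
# pam_ldap first, pam_unix kept so root and local users still log in
auth     sufficient /usr/local/lib/pam_ldap.so
auth     required   pam_unix.so        no_warn try_first_pass
account  required   pam_login_access.so
account  sufficient /usr/local/lib/pam_ldap.so
account  required   pam_unix.so
session  required   /usr/local/lib/pam_mkhomedir.so
session  required   pam_permit.so
EOF

cat > "$TMP/ldap.thread" <<'EOF'
host 192.168.178.20
base dc=example,dc=com
EOF

cat > "$TMP/ldap.fixed" <<'EOF'
uri ldap://192.168.178.20/
base dc=example,dc=com
ldap_version 3
ssl start_tls
tls_checkpeer yes
tls_cacertfile /usr/local/etc/ssl/ldap-ca.crt
pam_login_attribute uid
pam_password exop
EOF

echo "== configuration from the thread =="
run_audit "$TMP/sshd.thread" "$TMP/ldap.thread" && echo PASS || echo FAIL
echo "== hardened configuration =="
run_audit "$TMP/sshd.fixed" "$TMP/ldap.fixed" && echo PASS || echo FAIL
```

Run it as-is to see the thread's setup fail on both counts and the hardened one pass; then point run_audit at the real files. `ldap_version 3` matters because StartTLS is an LDAPv3 extended operation, and `pam_password exop` keeps password changes inside the same TLS-protected session.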