Date:      Wed, 26 Mar 2008 16:28:43 -0500
From:      Paul Schmehl <pauls@utdallas.edu>
To:        Frank Bonnet <f.bonnet@esiee.fr>, bseklecki@collaborativefusion.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Working /etc/pam.d/sshd file with pam_ldap  6.3 or 7.0 ?
Message-ID:  <415463677EAE17931859BFF9@[10.110.3.94]>
In-Reply-To: <47EA6563.3030109@esiee.fr>
References:  <47E90D72.3060909@esiee.fr> <1206456103.18298.88.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <47E91ACF.1040804@esiee.fr> <1206459218.18298.100.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <47EA6563.3030109@esiee.fr>

Please don't top post.  It disrupts the flow of the conversation.  (See 
below for my response.)

--On Wednesday, March 26, 2008 4:01 PM +0100 Frank Bonnet 
<f.bonnet@esiee.fr> wrote:

> Hello
>
> After having spent several hours on it I can't have a working
> ssh access that use PAM_LDAP on a freebsd 6/7 machine !
>
> I have no problem on a Linux Debian etch box ...
>
> Where are we going if Linux works better than BSD ? :-)
>

Setting up pam ldap ssh access on a FreeBSD box takes less than five 
minutes *after* installing the correct ports.

1) net/openldap-client
2) security/pam_ldap

Then configure ldap.conf (in /usr/local/etc/) which is quite simple:
host {your ldap server(s), either hostname(s) or ip(s), in a space-separated list}
dc (your dn)

Then configure /etc/pam.d/sshd thus:
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass

That's all that is needed.

If it doesn't work, fire up wireshark (port) or tcpdump (base) and see what 
the problem is.

You needn't even bother creating local passwords for accounts.  Just create 
the account without one, and with pam/ssh/ldap, they can log in and use 
their assigned shell/do whatever you've authorized them to do.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
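
The following is an added example, not part of the original message: a simplified Python model of how the "sufficient" flag on the pam_ldap line interacts with a later "required" rule, and why the order of the two lines decides whether an account with no local password can log in. The pam_unix line, the function names and the module results are assumptions made for the illustration.

```python
# Simplified model of the PAM control flags (see pam.conf(5)); it only
# illustrates rule ordering and is not a PAM implementation.

# Constructed stack: the pam_ldap line from the message followed by an
# assumed local-password line.
SSHD_AUTH = """\
auth  sufficient  /usr/local/lib/pam_ldap.so  no_warn try_first_pass
auth  required    pam_unix.so                 no_warn try_first_pass
"""

def parse(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            module = fields[2].rsplit("/", 1)[-1]
            if module.endswith(".so"):
                module = module[:-3]
            rules.append((fields[1], module))
    return rules

def evaluate(rules, results):
    """results maps module -> True (success) / False (failure).
    Returns (granted, modules_run)."""
    failed, decisive, ran = False, False, []
    for control, module in rules:
        ok = results[module]
        ran.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, ran      # chain stops here, access granted
            # a failing sufficient module is ignored
        elif control == "requisite":
            decisive = True
            if not ok:
                return False, ran     # chain stops here, access denied
        elif control == "required":
            decisive = True
            failed = failed or not ok # chain continues, denied at the end
        # any other flag (e.g. optional): result ignored
    # Modelling choice: a chain with no required/requisite rule is denied.
    return decisive and not failed, ran

if __name__ == "__main__":
    no_local_pw = {"pam_ldap": True, "pam_unix": False}
    print(evaluate(parse(SSHD_AUTH), no_local_pw))
    print(evaluate(list(reversed(parse(SSHD_AUTH))), no_local_pw))
```

With pam_ldap listed first, a successful LDAP bind ends the chain before pam_unix runs; with the two lines swapped, the failed required rule denies the login even though LDAP succeeded.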
