DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 14th May 2008
rajendra_nagi rajendra_nagi is offline
New User
 
Join Date: May 2008
Posts: 3
Thanked 0 Times in 0 Posts
Default openldap for authentication

hi every one i have installed opaenldap24 and i just want that my openldap client should be able to change the password using command passwd and i hve found that it needs pam integration i dont know how to fix this please help me out its very urgent to me........
Reply With Quote
  #2   (View Single Post)  
Old 14th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default

Have you installed the "pam_ldap" port? Have you configured your "ldap.conf" file? What have you done so far?
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #3   (View Single Post)  
Old 14th May 2008
rajendra_nagi rajendra_nagi is offline
New User
 
Join Date: May 2008
Posts: 3
Thanked 0 Times in 0 Posts
Default

ya i did installed pam_lap and ldap.conf
Reply With Quote
  #4   (View Single Post)  
Old 14th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default

Should work then... Are you able to query your ldap server with ldapsearch?
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #5   (View Single Post)  
Old 14th May 2008
rajendra_nagi rajendra_nagi is offline
New User
 
Join Date: May 2008
Posts: 3
Thanked 0 Times in 0 Posts
Default

yes i am able to do ldapsearch aswel, but i dont know how user will change its password using passwd and not ldappasswd
Reply With Quote
  #6   (View Single Post)  
Old 14th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default

Have you added "ldap" to /etc/nsswitch.conf ?
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #7   (View Single Post)  
Old 16th May 2008
protologic protologic is offline
New User
 
Join Date: May 2008
Posts: 5
Thanked 1 Time in 1 Post
Default

This might help

/etc/pam.d/passwd
(add this above the pam_unix.so line):
password sufficient /usr/local/lib/pam_ldap.so
Reply With Quote
  #8   (View Single Post)  
Old 16th May 2008
coppermine's Avatar
coppermine coppermine is offline
Port Guard
 
Join Date: May 2008
Posts: 40
Thanked 0 Times in 0 Posts
Default

mmm.. nice topic! Very good addition to security stuff. Wish to have more working and robust examples.
Reply With Quote
  #9   (View Single Post)  
Old 16th July 2008
coppermine's Avatar
coppermine coppermine is offline
Port Guard
 
Join Date: May 2008
Posts: 40
Thanked 0 Times in 0 Posts
Default

The fate is interesting thing. Now I need to implement LDAP + SAMBA... I have spent four days by tackling and following different manuals to do this. Unfortunately, I am stuck in the phase where I need to modify the PAM settings so user in LDAP database can authenticate against it.
The problem I think so far is with PAM configuration, because the best result I could obtain is to modify password during logon (!!!). I.e. I enter user name followed by password, but the system prompts me for old password, the new one and to confirm the new password! And this behavior is in loop!

Yes, I can query ldap server (slapcat and with getent) and I have installed nss_ldap.conf and ldap.conf files with accompanying secret password files. Also I have made sure that slapd.conf is more or less tuned and provides working server.

Interesting stuff is happening with nscd daemon (nsswitch.conf)... I think there is some caching and Andrew Tridgel in his Samba by Example suggests to disable it.

The worst is that there is no good information regarding pam + nss and also with ties FreeBSD + SAMBA + LDAP on the internet. Mailing lists, bulletins and devoted sites contain very scattered information and very often seriously outdated.

...

Please, point to good resources or demand any config files (listing all of them would occupy lot of space). I feel quite lost and I am not far away to install SME server at least reinstall or packages and settings...

System : FreeBSD 7.0-RELEASE, OpenLDAP-2.3, Samba-3.0... + pam_ldap + nss_ldap

Last edited by coppermine; 16th July 2008 at 07:33 PM.
Reply With Quote
Old 17th July 2008
phatfish phatfish is offline
New User
 
Join Date: May 2008
Location: United Kingdom
Posts: 5
Thanked 0 Times in 0 Posts
Default

Hi coppermine, im looking to do the same thing. At the moment, just get Samba running as a PDC and authenticating against an OpenLDAP server (pam is for local authentication, right?).

As you have said, ive found many tutorials for various linux flavours and mailing list postings. But nothing really related to FreeBSD specifically. I think such a setup guide would be very helpful for FreeBSD users.

The closest i have come to a full tutorial is this http://www.opensourcehowto.org/how-t...ba-as-pdc.html

I have a openLDAP 2.3 server running that seems to be setup correctly (i can query it etc.) but im having problems getting Samba to authenticate against it. Im just stabbing around in the dark really, using mainly that guide above.

Ill play around a bit more and see what i come up with over the next couple of days.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenLDAP and MySQL PatrickBaer FreeBSD General 1 4th November 2008 04:44 PM


All times are GMT. The time now is 04:56 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick