Hello!

Yesterday I finally managed to get my FreeBSD 8.2-STABLE box to actually authenticate to the Xserve, running Open Directory on Mac OS X 10.5 Server. I was able to log in to the FreeBSD box (egil.kreativsone.no) as a directory user via SSH and also via netatalk.

Unfortunately, after a while, it stopped working. I can't remember doing anything at all... As far as I know, I made no changes in the configuration either on the Xserve or on the FreeBSD box.

This is what happens when I try to log in via SSH.

> mp-aleks:~ aleksander$ ssh aleks...@egil.kreativsone.no
> Password:
> aleks...@egil.kreativsone.no's password:
> Connection closed by 192.168.3.6

Notice that I enter the password once, and then it asks for the password once more, but it won't accept the password.

Here is the auth.log on egil.kreativsone.no:

> May 26 13:18:24 egil sshd[5347]: error: PAM: user account has expired for alekstef from 192.168.3.16
> May 26 13:18:28 egil sshd[5347]: Failed password for alekstef from 192.168.3.16 port 62114 ssh2

I know for a fact that the user account is not expired in Open Directory. I have also checked the logs on the Xserve, but can't find anything relevant to the problem, so I assume the problem is on the FreeBSD box.

Here's the part of my nss_ldap.conf file on egil.kreativsone.no that is not commented out. Everything else is the default:

> host jangunnar.kreativsone.no
> base dc=jangunnar,dc=kreativsone,dc=no
>
> ldap_version 3
> port 389
> scope one
> bind_policy soft
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
>
> pam_groupdn cn=lagring,cn=groups,dc=jangunnar,dc=kreativsone,dc=no
> pam_member_attribute memberUid
>
> pam_password crypt
> nss_base_passwd cn=users,dc=jangunnar,dc=kreativsone,dc=no?one
> nss_base_shadow cn=users,dc=jangunnar,dc=kreativsone,dc=no?one
> nss_base_group cn=groups,dc=jangunnar,dc=kreativsone,dc=no?one
> ssl off

I tried commenting out the pam_groupdn and pam_member_attributes with no success.
I was hoping to restrict login to the group "lagring", but it didn't seem to work.

/etc/pam.d/sshd:

> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> auth sufficient /usr/local/lib/pam_ldap.so no_warn
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> account required pam_nologin.so
> account required pam_login_access.so
> account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
> account required pam_unix.so
>
> # session
> session required pam_permit.so
>
> # password
> password required pam_unix.so no_warn try_first_pass

/etc/pam.d/netatalk:

> auth sufficient /usr/local/lib/pam_ldap.so no_warn
> auth include system
> account include system
> password include system
> session include system
> account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user

I really need to get this working again. Any help is highly appreciated. Please ask if you need more information.

Thanks!

Best regards,
Aleksander Steffensen
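
An added example, not part of the original message: a simplified Python model of how the control flags in the posted /etc/pam.d/sshd combine module results. Every account line is `required`, so a failure from any one of them denies the login even after the auth stack has accepted the password. The per-module outcomes passed in are constructed inputs, the function names are hypothetical, and the sketch does not determine which module reported the expiry on the poster's machine.

```python
# Added example: simplified model of PAM control flags. Module outcomes are
# supplied by the caller (constructed); nothing here calls real PAM.

# auth and account lines from the /etc/pam.d/sshd in the post, wrapped lines rejoined
SSHD_PAM = """\
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_nologin.so
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
"""

def parse_stack(text, facility):
    """Return [(control, module_name)] for one facility, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """Combine per-module results ("ok"/"fail", default "ok") according to
    required/requisite/sufficient. Returns (allowed, vetoing_modules)."""
    vetoes, any_ok = [], False
    for control, module in stack:
        ok = results.get(module, "ok") == "ok"
        if control == "requisite" and not ok:
            return False, vetoes + [module]      # fail immediately
        if control == "required" and not ok:
            vetoes.append(module)                # keep going, final answer is deny
        if control == "sufficient" and ok and not vetoes:
            return True, vetoes                  # success short-circuits the stack
        if control != "optional":                # optional results ignored (simplification)
            any_ok = any_ok or ok
    return (not vetoes and any_ok), vetoes

if __name__ == "__main__":
    auth = parse_stack(SSHD_PAM, "auth")
    account = parse_stack(SSHD_PAM, "account")
    print("auth, pam_ldap accepts password:", evaluate(auth, {"pam_opie.so": "fail"}))
    for module in ("pam_ldap.so", "pam_unix.so"):
        print("account,", module, "reports expiry:", evaluate(account, {module: "fail"}))
```
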