mdevin said:
> You are a legend. I don't know how you figured out all that stuff but
> after copying and pasting from your howto I can finger user aphro (which
> doesn't exist otherwise on my system).
ok that's a good start :)

>
> I still can't get the pam_ldap working with ssh, despite copying your
> pam_ldap.conf file and putting the same entries as you in /etc/pam.d/ssh
>
> I checked /etc/ssh/sshd_config and commented out:
> #UsePrivilegeSeparation yes
> And then changed the following to yes:
> PAMAuthenticationViaKbdInt yes

did you restart SSH after making the change? I have privilege separation set to no, just because I haven't had a chance to test it with yes yet, I don't think it would work with the strict permissions on the pam_ldap.conf. maybe you can get around this by using group permissions.

>
> While watching the logs in the terminal I started slapd with the -d 255
> switch, I don't even see any action when trying to ssh as user aphro or
> any other user for that matter. So it seems that sshd is not even trying
> to use ldap.

check /var/log/auth.log for messages from the SSH daemon (and PAM) on the server, that should reveal something as well, sounds like it's not configured to connect to the right host/port/protocol. or privilege separation is preventing it from reading the config file.

> Anyway, just wanted to let you know that I thank you for your help and
> that I can now see the light. The only changes I made to your
> configuration and ldif files were to leave slapd running as root and let
> it bind to the default port of 389.

glad to help, it wasn't easy digging that stuff up, took many months of work, and a good 25-30 hours to complete that document. There's more cool stuff you can do with pam_ldap which I learned since I wrote that doc, but haven't added it yet.

the ldap doc is moving to a new home soon:
http://howto.aphroland.de/HOWTO/LDAP
which runs on Zope+Zwiki, which allows users to add content to the documents, create new documents, subscribe to documents to receive email notification when they change and more. It's not finished yet, I hope to finish the initial version tonight.
hopefully this can encourage users to add more info to the documents on their own since it's really difficult to get in the documenting "mode", as can be seen by my not updating my LDAP docs since august ..even though I know there are at least 2 errors in it.

also check out my MRTG docs which I completed the initial revision of the HOWTO over the weekend (another 10-20 hours of writing, ack), it has all the features of Zwiki enabled:
http://howto.aphroland.de/HOWTO/MRTG
nearly 60 different uses for MRTG documented there with more to come.

good luck!

nate
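
The two checks raised in the reply above (what sshd_config actually sets, and who can read pam_ldap.conf), as an added example that is not part of the original message or the HOWTO. The function names `sshd_option`, `read_scope` and `diagnose` are hypothetical, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example; file locations are arguments, sample files are constructed.

# Effective value of an sshd_config keyword: the first uncommented match
# wins and keywords are case-insensitive. A commented-out line yields
# "unset", meaning sshd falls back to its built-in default for that keyword.
sshd_option() {  # $1 = sshd_config path, $2 = keyword
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Who may read the file, judged from its mode bits.
read_scope() {  # $1 = file path
    case "$(ls -ld "$1" | cut -c1-10)" in
        ???????r??) echo world ;;
        ????r?????) echo group ;;
        *)          echo owner-only ;;
    esac
}

# Report the combination the reply suspects: privilege separation not
# explicitly "no" while the pam_ldap config is readable by its owner only.
diagnose() {  # $1 = sshd_config path, $2 = pam_ldap.conf path
    privsep=$(sshd_option "$1" UsePrivilegeSeparation)
    kbdint=$(sshd_option "$1" PAMAuthenticationViaKbdInt)
    scope=$(read_scope "$2")
    echo "UsePrivilegeSeparation=$privsep PAMAuthenticationViaKbdInt=$kbdint pam_ldap.conf=$scope"
    if [ "$privsep" != no ] && [ "$scope" = owner-only ]; then
        echo "CHECK: privsep not disabled and config is owner-only"
    fi
}

# Constructed sample files mirroring the settings quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' '#UsePrivilegeSeparation yes' 'PAMAuthenticationViaKbdInt yes' > "$demo/sshd_config"
printf '%s\n' '# constructed placeholder' > "$demo/pam_ldap.conf"
chmod 600 "$demo/pam_ldap.conf"
diagnose "$demo/sshd_config" "$demo/pam_ldap.conf"
```

On a real server, pass the actual sshd_config and pam_ldap.conf paths to `diagnose` in place of the constructed ones.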