Тут по этой теме уже тонна написана. Перечитал всё. Всё равно не могу победить.FreeBSD 6.1-RELEASE
Стоит OpenLDAP и всё что с этим связано.
cyrus-sasl-ldapdb-2.1.21 SASL LDAPDB auxprop plugin
nss_ldap-1.244 RFC 2307 NSS module
openldap-client-2.2.30 Open source LDAP client implementation
openldap-server-2.2.30 Open source LDAP server implementation
p5-perl-ldap-0.33 A Client interface to LDAP servers
pam_ldap-1.8.0 A pam module for authenticating with LDAP
php4-ldap-4.4.2_1 The ldap shared extension for php
sendmail+sasl2+ldap-8.13.6 Reliable, highly configurable mail transfer agent with util
cat /etc/nsswitch.conf:
group: files ldap
group_compat: nis ldap
hosts: files dns ldap
networks: files ldap
passwd: files ldap
passwd_compat: nis ldap
shells: files ldap
shadow: files ldap
cat /etc/pam.d/pop3
auth sufficient /usr/local/lib/pam_ldap.so
auth required pam_unix.so no_warn try_first_pass
cat /etc/ldap.conf
base dc=gtss,dc=ru
host 127.0.0.1
uri ldap://192.168.100.8:389/
uri ldapi:///var/run/openldap/ldapi/
binddn cn=root,dc=gtss,dc=ru
bindpw overkill12
rootbinddn cn=root,dc=gtss,dc=ru
port 389
scope one
#pam_filter objectclass=user
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_min_uid 10000
pam_max_uid 30000
nss_base_shadow ou=users,dc=gtss,dc=ru?one
nss_base_passwd ou=users,dc=gtss,dc=ru?one
nss_base_group ou=groups,dc=gtss,dc=ru?one
ssl no
pam_password SSHA
Пытаюсь сгрузить почту.
В лог LDAPа летит примерно следующее:
Oct 2 19:25:18 geo-samba slapd[426]:
Oct 2 19:25:18 geo-samba slapd[426]: daemon: read activity on 30
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" "objectClass" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: search access to "uid=zh,ou=users,dc=gtss,dc=ru" "uid" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "entry" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: daemon: select: listen=6 active_threads=0 tvp=NULL
Oct 2 19:25:18 geo-samba slapd[426]: daemon: select: listen=7 active_threads=0 tvp=NULL
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "uid" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "cn" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "objectClass" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "uidNumber" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "homeDirectory" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "loginShell" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "shadowMax" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "userPassword" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "shadowLastChange" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: => access_allowed: read access to "uid=zh,ou=users,dc=gtss,dc=ru" "gidNumber" requested
Oct 2 19:25:18 geo-samba slapd[426]: <= root access granted
Oct 2 19:25:18 geo-samba slapd[426]: daemon: activity on 1 descriptors
Oct 2 19:25:18 geo-samba slapd[426]: daemon: activity on:
Oct 2 19:25:18 geo-samba slapd[426]: 34r
То есть как-то это работает.
В логи почтовика сыплется:
Oct 2 19:19:49 geo-samba qpopper[23321]: [AUTH] Failed attempted login to pirate from host (192.168.100.230) 192.168.100.230
Oct 2 19:20:34 geo-samba qpopper[23326]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": authentication error (9)
Oct 2 19:20:34 geo-samba qpopper[23326]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230
Oct 2 19:25:04 geo-samba qpopper[23352]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": new authentication token required (10)
Oct 2 19:25:04 geo-samba qpopper[23352]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230
Oct 2 19:25:28 geo-samba qpopper[23357]: zh at 192.168.100.230 (192.168.100.230): -ERR [AUTH] PAM authentication failed for user "zh": new authentication token required (10)
Oct 2 19:25:28 geo-samba qpopper[23357]: [AUTH] Failed attempted login to zh from host (192.168.100.230) 192.168.100.230
Почта не отдаётся.
При этом самба с тем же LDAP работает на ура...
Что делать и куда бежать? Уже весь мозг сломал...