Summary
I recently purchased the Pioneer-FreedomBox-HSK two days ago. After it arrived, I connected it to my router using an Ethernet cable, powered it on, and allowed it to update. Everything was working fine, and I was able to connect via SSH using my password. However, after the device rebooted, I could no longer authenticate via SSH using my password—it kept showing an incorrect password error.
To troubleshoot, I added my public SSH key via the FreedomBox web interface, and I was able to log in successfully without using a password. However, I still want to understand why password authentication stopped working after the reboot and how I can restore it if needed.
Questions
Why is there no userPassword stored in LDAP for my user (imhere)?
- Before rebooting, SSH password authentication worked, which suggests that it initially relied on PAM and /etc/shadow.
- After the reboot, FreedomBox switched to LDAP-only authentication, which requires userPassword to be set in LDAP.
- Since userPassword is missing, LDAP is unable to verify the password, causing SSH login failures.
Why do I not know the LDAP admin password?
- During installation, FreedomBox does not display the LDAP admin password.
- Without this password, I cannot modify LDAP entries, such as adding userPassword for my user.
- Is there a way to retrieve or reset the LDAP admin password?
Why did SSH password authentication work before the reboot but stopped afterward?
- Before rebooting, it seems that FreedomBox allowed authentication through /etc/shadow.
- After rebooting, nslcd and slapd were fully enabled, making LDAP the sole authentication method.
- Since my user lacks a userPassword entry in LDAP, the authentication fails.
Is this behavior intentional in FreedomBox for security/privacy reasons?
- Does FreedomBox deliberately remove password authentication after the first reboot to enforce key-based authentication?
- If so, what is the recommended approach for setting up password-based authentication securely in FreedomBox?
Troubleshooting Steps Taken
Checked if my user exists in LDAP:
sudo ldapsearch -xLLL -b "dc=thisbox" "(uid=imhere)"
Result:
dn: uid=imhere,ou=users,dc=thisbox
objectClass: account
objectClass: posixAccount
cn: imhere
uid: imhere
uidNumber: 10000
gidNumber: 100
homeDirectory: /home/imhere
loginShell: /bin/bash
gecos: imhere
description: User account
Observation:
- The user exists, but userPassword is missing.
Checked if userPassword exists in LDAP:
sudo ldapsearch -xLLL -b "dc=thisbox" "(uid=imhere)" userPassword
Result:
dn: uid=imhere,ou=users,dc=thisbox
Observation:
- No userPassword attribute is set.
Checked if LDAP authentication is enforced in nsswitch.conf:
cat /etc/nsswitch.conf | grep passwd
Result:
passwd: files ldap
Observation:
- LDAP is being used for authentication, meaning it will no longer check /etc/shadow for passwords.
Checked if LDAP admin credentials are known:
ldapwhoami -x -D "cn=admin,dc=thisbox" -W
Result:
ldap_bind: Invalid credentials (49)
Observation:
- I do not know the LDAP admin password.
Possible Workarounds & Questions for the Community
How can I retrieve or reset the LDAP admin password in FreedomBox?
Is there an official way to enable password authentication for SSH without using SSH keys?
Is it a deliberate design choice that FreedomBox disables password-based authentication after the first reboot?
What is the recommended way to set up password authentication in FreedomBox while keeping LDAP integration?
Current Workaround (Using SSH Keys)
Since I could not authenticate with a password, I manually added my public SSH key via the FreedomBox web interface. This allowed me to log in without a password. However, I still need guidance on how to properly configure FreedomBox to allow password-based authentication if needed.
Any insights from the FreedomBox community would be greatly appreciated!
If this behavior is intended, I believe adding a note about it in the installation documentation would help new users avoid confusion.
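Added example, not part of the original post: a small Python parser for the two outputs quoted above (the nsswitch.conf line and the ldapsearch -LLL result) that reports the lookup order per database and whether the search result carried a userPassword attribute. The sample inputs are copied from the post and the function names are this example's own; it goes beyond the post's single passwd line by also handling a shadow line, bracketed actions, folded LDIF lines and base64 values.

```python
import base64
import re
# Sample inputs constructed from the outputs quoted in the post.
NSSWITCH = "passwd: files ldap\n"
LDIF = """dn: uid=imhere,ou=users,dc=thisbox
uid: imhere
uidNumber: 10000
"""

def parse_nsswitch(text):
    """Map each database to its lookup sources, in the order they are tried."""
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # strip trailing comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [NOTFOUND=return] actions
        result[db.strip()] = rest.split()
    return result

def parse_ldif(text):
    """Parse ldapsearch -LLL output into a list of {attribute: [values]} entries."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF folds long lines with a leading space
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def summarize(nsswitch_text, ldif_text, uid):
    """Report lookup order and whether the search result carried userPassword."""
    nss = parse_nsswitch(nsswitch_text)
    users = [e for e in parse_ldif(ldif_text) if uid in e.get("uid", [])]
    return {
        "passwd_sources": nss.get("passwd", []),
        "shadow_sources": nss.get("shadow", []),
        "entry_found": bool(users),
        # Not returned can mean unset, or hidden from this bind identity by access control.
        "userPassword_returned": any("userPassword" in e for e in users),
    }
```

Calling summarize(NSSWITCH, LDIF, "imhere") gives the lookup order and attribute presence for the outputs in the post; the parser cannot tell an unset attribute from one the bind identity is not permitted to read.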