[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: difference between /etc/ldap.conf /etc/openldap/ldap.conf



You also should check the sshd_config and make sure you have "UsePAM yes" in 
the config

-----Original Message-----
From: GanGan [mailto:gangan@zalteam.com]
Sent: Wednesday, October 29, 2008 12:03 PM
To: Lynn York
Cc: Hallvard B Furuseth; Openldap technical
Subject: RE: difference between /etc/ldap.conf /etc/openldap/ldap.conf



I did not touch so I do not think it comes from this files



On Wed, 29 Oct 2008 11:55:29 -0400, Lynn York <lyork@inetu.net> wrote:
> Make sure have configured PAM properly.  Here is an example of a
> system-auth-ac file that I use that works properly:
>
> [ /etc/pam.d/system-auth-ac ]
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        sufficient    pam_ldap.so use_first_pass
> auth        required      pam_deny.so
>
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
> password    sufficient    pam_ldap.so use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond

> quiet use_uid
> session     required      pam_unix.so
> session     optional      pam_ldap.so
> [ end /etc/pam.d/system-auth-ac ]
>
>
> -----Original Message-----
> From: openldap-technical-bounces+lyork=inetu.net@openldap.org
> [mailto:openldap-technical-bounces+lyork=inetu.net@openldap.org] On
Behalf
> Of
> GanGan
> Sent: Wednesday, October 29, 2008 11:28 AM
> To: Hallvard B Furuseth
> Cc: Openldap technical
> Subject: Re: difference between /etc/ldap.conf /etc/openldap/ldap.conf
>
>
> thank you
>
> I have a problem with my users authentication.
>
> getent passwd
> gives me my 4 users ldap
>
> [...]
>
> videl:x:503:1000:videl:/home/videl:/bin/bash
> azerty:x:501:1000:azerty:/home/azerty:/bin/bash
> wizz:x:515:1000:wizz:/home/wizz:/bin/bash
> shen:x:509:1000:shen:/home/shen:/bin/bash
>
> but impossible to connect.
>
> [root@clitest3 /]# ssh videl@srvtest3.test.org
> videl@srvtest3.test.org's password:
> Permission denied, please try again.
> videl@srvtest3.test.org's password:
> Permission denied, please try again.
> videl@srvtest3.test.org's password:
> Permission denied (publickey,password).
>
> log ldap server (srvtest3):
>
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 fd=14 ACCEPT from
> IP=127.0.0.1:40706 (IP=0.0.0.0:389)
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=0 STARTTLS
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 fd=14 TLS established
> tls_ssf=256 ssf=256
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=0 RESULT oid= err=0
text=
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=1 BIND dn="" method=128
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=1 RESULT tag=97 err=0
> text=
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=2 SRCH
> base="ou=user,dc=midian,dc=org" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=videl))"
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=2 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
> Oct 29 16:25:41 srvtest3 slapd[1947]: conn=19 op=2 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=19 op=3 SRCH
> base="ou=user,dc=midian,dc=org" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=videl))"
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=19 op=3 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=19 op=3 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 fd=17 ACCEPT from
> IP=127.0.0.1:40707 (IP=0.0.0.0:389)
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=0 STARTTLS
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=0 RESULT oid= err=0
text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 fd=17 TLS established
> tls_ssf=256 ssf=256
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=1 BIND dn="" method=128
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=1 RESULT tag=97 err=0
> text=
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=2 SRCH
> base="ou=user,dc=midian,dc=org" scope=2 deref=0
> filter="(&(host=srvtest3.test.org)(uid=videl))"
> Oct 29 16:25:45 srvtest3 slapd[1947]: <= bdb_equality_candidates: (host)
> index_param failed (18)
> Oct 29 16:25:45 srvtest3 slapd[1947]: conn=20 op=2 SEARCH RESULT tag=101
> err=0 nentries=0 text=
>
> I do not understand why it is not working. :(
> any idea ?
--
- GanGan -
www.system-linux.eu merci pour le clique sur la pub :p

Attachment: smime.p7s
Description: S/MIME cryptographic signature