
Re: Account question



All commands I try work on both OSes. On the Solaris server su or ssh
test01@sol10-1 doesn't work. The user03 account works just fine.

On sol10-1 in the log /var/adm/messages I get this error when I ssh:
libsldap:Status: 49 Mesg: openConnection: simple bind failed - Invalid
credentials
keyboard-interactive (PAM) userauth failed[9] while authentication:
Authentication failed.

On sol10-1 in the log /var/adm/messages I get this error when I su:
libsldap:Status: 49 Mesg: openConnection: simple bind failed - Invalid
credentials
'su test01' failed for user03 on /dev/pts/3

On Wed, Dec 14, 2011 at 1:45 PM, Raffael Sahli <public@raffaelsahli.com> wrote:
> On 14.12.2011 19:08, NetNinja wrote:
>>
>> Hello,
>> I have two different user accounts and one works the other not so
>> much. The account user03 works on both Solaris 10 and RHEL clients.
>> While test01 can do everything but log in to the Solaris 10 client, I
>> can use this account to log in to the RHEL client though. Can someone
>> look at my accounts below and tell me why user03 works and test01
>> doesn't?
>>
>> # user03, People, test.net
>> dn: uid=user03,ou=People,dc=test,dc=net
>> uid: user03
>> cn: user03
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: shadowAccount
>> shadowMax: 99999
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 603
>> gidNumber: 500
>> homeDirectory: /home/user03
>> gecos: user03
>>
>> # test01, People, test.net
>> dn: uid:test01,ou=People,dc=test,dc=net
>
> Wrong dn, but I guess that's a mistake with copy&paste ;)

I hand-typed all this. Yes, that was a typo. Also I made a typo with
this: shadowMax: 0 should be shadowMin: 0
>
>
>> uid: test01
>> cn: test01
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: shadowAccount
>> shadowMin: 0
>> shadowMax: 99999
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 701
>> gidNumber: 500
>> homeDirectory: /home/test01
>>
>> # ldapclient list
>> NS_LDAP_FILE_VERSION= 2.0
>> NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=test,dc=net
>> NS_LDAP_BINDPASSWD= password
>> NS_LDAP_SERVERS= X.X.X.X:389
>> NS_LDAP_SEARCH_BASEDN= dc=test,dc=net
>> NS_LDAP_SERVER_PREF= X.X.X.X
>> NS_LDAP_CACHETTL= 0
>> NS_LDAP_CREDENTIAL_LEVEL= proxy
>> NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=test,dc=net
>> NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
>>
>> I'm still testing so I ran ldapclient manual. When I feel that I have
>> the right setting, I will load the profile into LDAP.
>> Any suggestions will be great.
>>
> Is there anything in the auth log file? You should see some pam errors.
> Can you fetch both users with getent?
>
>
> --
> Raffael Sahli
> public@raffaelsahli.com
>